Vulnerability Platform

Vulnerability List

CVE ID	Title	Vendor	Product	Severity	CVSS Score	Published At	AI Analysis
CVE-2026-33058	Kanboard has Authenticated SQL Injection in Project Permissions Handler	kanboard	kanboard	中危	-	2026-03-18 02:17:04	Deep Dive
CVE-2026-29056	Kanboard's privilege escalation via mass assignment in user invite registration allows any invited user to become admin	kanboard	kanboard	高危	-	2026-03-18 01:56:19	Deep Dive
CVE-2026-25531	Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects	kanboard	kanboard	Medium	4.3	2026-02-13 15:04:24	Deep Dive
CVE-2026-25924	Kanboard is Missing Access Control on Plugin Installation leading to Administrative RCE	kanboard	kanboard	High	8.4	2026-02-11 20:43:20	Deep Dive
CVE-2026-25530	Kanboard is missing authorization check in getSwimlane API allows cross-project data access	kanboard	kanboard	Medium	4.3	2026-02-10 16:47:59	Deep Dive
CVE-2026-24885	Kanboard Affected by Cross-Site Request Forgery (CSRF) via Content-Type Misconfiguration in Project Role Assignment	kanboard	kanboard	Medium	5.7	2026-02-10 16:40:02	Deep Dive
CVE-2026-21881	Kanboard is Vulnerable to Reverse Proxy Authentication Bypass	kanboard	kanboard	Critical	9.1	2026-01-08 01:08:02	Deep Dive
CVE-2026-21880	Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure	kanboard	kanboard	Medium	5.3	2026-01-08 00:59:20	Deep Dive
CVE-2026-21879	Kanboard vulnerable to Open Redirect via protocol-relative URLs	kanboard	kanboard	Medium	4.7	2026-01-08 00:51:51	Deep Dive
CVE-2025-55010	Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events	kanboard	kanboard	Critical	9.1	2025-08-12 15:57:13	Deep Dive
CVE-2025-55011	Kanboard Path Traversal in File Write via Task File Upload Api	kanboard	kanboard	Medium	6.4	2025-08-12 15:57:08	Deep Dive
CVE-2025-52576	Kanboard vulnerable to Username Enumeration via Login Behavior and Bruteforce Protection Bypass	kanboard	kanboard	Medium	5.3	2025-06-25 16:46:02	Deep Dive
CVE-2025-52560	Kanboard Password Reset Poisoning via Host Header Injection	kanboard	kanboard	High	8.1	2025-06-24 02:56:27	Deep Dive
CVE-2025-46825	Kanboard has stored Cross-site Scripting vulnerability in project name	kanboard	kanboard	-	-	2025-05-12 22:53:42	Deep Dive
CVE-2024-55603	Insufficient session invalidation in Kanboard	kanboard	kanboard	Medium	6.5	2024-12-18 23:52:57	Deep Dive
CVE-2024-54001	Kanboard allows a persistent HTML injection site scripting in settings page date format	kanboard	kanboard	Medium	5.5	2024-12-05 15:17:48	Deep Dive
CVE-2024-51747	Arbitrary File Read and Delete in kanboard	kanboard	kanboard	Critical	9.1	2024-11-11 19:22:27	Deep Dive
CVE-2024-51748	Remote code execution through language setting in kanboard	kanboard	kanboard	Critical	9.1	2024-11-11 19:20:29	Deep Dive
CVE-2024-36399	Kanboard affected by Project Takeover via IDOR in ProjectPermissionController	kanboard	kanboard	High	8.2	2024-06-06 15:15:47	Deep Dive
CVE-2023-36813	Kanboard Authenticated SQL Injections vulnerability	kanboard	kanboard	High	7.1	2023-07-05 21:05:53	Deep Dive

Goal Reached Thanks to every supporter — we hit 100%!

Vulnerability List