kanboard — Vulnerabilities & Security Advisories (25)

Browse all 25 CVE security advisories affecting kanboard. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by kanboard: kanboard
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33058 | Kanboard has Authenticated SQL Injection in Project Permissions Handler | kanboard | CWE-89 | 6.5 | - | 2026-03-18 |
| CVE-2026-29056 | Kanboard's privilege escalation via mass assignment in user invite registration allows any invited user to become admin | kanboard | CWE-915 | 8.8 | - | 2026-03-18 |
| CVE-2026-25531 | Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects | kanboard | CWE-862 | 4.3 | Medium | 2026-02-13 |
| CVE-2026-25924 | Kanboard is Missing Access Control on Plugin Installation leading to Administrative RCE | kanboard | CWE-863 | 8.5 | High | 2026-02-11 |
| CVE-2026-25530 | Kanboard is missing authorization check in getSwimlane API allows cross-project data access | kanboard | CWE-639 | 4.3 | Medium | 2026-02-10 |
| CVE-2026-24885 | Kanboard Affected by Cross-Site Request Forgery (CSRF) via Content-Type Misconfiguration in Project Role Assignment | kanboard | CWE-352 | 5.7 | Medium | 2026-02-10 |
| CVE-2026-21881 | Kanboard is Vulnerable to Reverse Proxy Authentication Bypass | kanboard | CWE-287 | 9.1 | Critical | 2026-01-08 |
| CVE-2026-21880 | Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure | kanboard | CWE-90 | 5.3 | Medium | 2026-01-08 |
| CVE-2026-21879 | Kanboard vulnerable to Open Redirect via protocol-relative URLs | kanboard | CWE-601 | 4.7 | Medium | 2026-01-08 |
| CVE-2025-55010 | Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events | kanboard | CWE-502 | 9.1 | Critical | 2025-08-12 |
| CVE-2025-55011 | Kanboard Path Traversal in File Write via Task File Upload Api | kanboard | CWE-22 | 6.4 | Medium | 2025-08-12 |
| CVE-2025-52576 | Kanboard vulnerable to Username Enumeration via Login Behavior and Bruteforce Protection Bypass | kanboard | CWE-203 | 5.3 | Medium | 2025-06-25 |
| CVE-2025-52560 | Kanboard Password Reset Poisoning via Host Header Injection | kanboard | CWE-640 | 8.1 | High | 2025-06-24 |
| CVE-2025-46825 | Kanboard has stored Cross-site Scripting vulnerability in project name | kanboard | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-05-12 |
| CVE-2024-55603 | Insufficient session invalidation in Kanboard | kanboard | CWE-613 | 6.5 | Medium | 2024-12-18 |
| CVE-2024-54001 | Kanboard allows a persistent HTML injection site scripting in settings page date format | kanboard | CWE-80 | 5.5 | Medium | 2024-12-05 |
| CVE-2024-51747 | Arbitrary File Read and Delete in kanboard | kanboard | CWE-22 | 9.1 | Critical | 2024-11-11 |
| CVE-2024-51748 | Remote code execution through language setting in kanboard | kanboard | CWE-22 | 9.1 | Critical | 2024-11-11 |
| CVE-2024-36399 | Kanboard affected by Project Takeover via IDOR in ProjectPermissionController | kanboard | CWE-284 | 8.2 | High | 2024-06-06 |
| CVE-2023-36813 | Kanboard Authenticated SQL Injections vulnerability | kanboard | CWE-89 | 7.1 | High | 2023-07-05 |
| CVE-2023-33969 | Stored Cross site scripting in the Task External Link Functionality in Kanboard | kanboard | CWE-79 | 6.4 | Medium | 2023-06-05 |
| CVE-2023-33970 | Missing access control in internal task links feature in Kanboard | kanboard | CWE-862 | 5.4 | Medium | 2023-06-05 |
| CVE-2023-33968 | Missing Access Control allows User to move and duplicate tasks in Kanboard | kanboard | CWE-862 | 5.4 | Medium | 2023-06-05 |
| CVE-2023-33956 | Parameter based Indirect Object Referencing leading to private file exposure in Kanboard | kanboard | CWE-200 | 4.3 | Medium | 2023-06-05 |
| CVE-2023-32685 | Clipboard based cross-site scripting (blocked with default CSP) in Kanboard | kanboard | CWE-79 | 4.4 | Medium | 2023-05-30 |

This page lists every published CVE security advisory associated with kanboard. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.