📦 Kanboard
by Kanboard
🔍 What is Kanboard?
Description coming soon...
🛡️ Security Overview
⚠️ Known Vulnerabilities
This critical authentication bypass vulnerability in Kanboard allows attackers to impersonate any user, including administrators, by sending spoofed HTTP headers when REVERSE_PROXY_AUTH is enabled. Th...
CVE-2025-55010 is an unsafe deserialization vulnerability in Kanboard that allows admin users to execute arbitrary PHP code by manipulating event data. This can lead to remote code execution via web s...
This vulnerability allows authenticated Kanboard administrators to read and delete arbitrary files on the server by uploading a modified SQLite database file containing path traversal payloads. The at...
Kanboard versions before 1.2.46 have a password reset vulnerability where attackers can craft malicious reset links that leak tokens to attacker-controlled domains. This occurs when the application_ur...
This SQL injection vulnerability in Kanboard allows authenticated users to execute arbitrary SQL queries, potentially leading to privilege escalation or unauthorized data access. All Kanboard instance...
This vulnerability allows authenticated Kanboard users to duplicate tasks into projects they shouldn't have access to, bypassing permission controls. It affects Kanboard installations before version 1...
This vulnerability allows authenticated Kanboard users to access swimlane data from projects they shouldn't have permission to view. It affects all Kanboard instances running versions before 1.2.50. T...
This CVE describes an Open Redirect vulnerability in Kanboard versions 1.2.48 and below that allows attackers to redirect authenticated users to malicious websites. By crafting URLs like //evil.com, a...
Kanboard versions 1.2.48 and below contain an LDAP injection vulnerability in the authentication mechanism. Attackers can manipulate LDAP search filters to enumerate all LDAP users, discover sensitive...
This vulnerability in Kanboard allows attackers to enumerate valid usernames and bypass IP-based brute-force protection mechanisms. By analyzing login behavior and manipulating HTTP headers, attackers...
Kanboard versions 1.2.26 through 1.2.44 have a stored cross-site scripting vulnerability in the project creation form's name parameter. Attackers can inject malicious scripts that execute when other u...
This vulnerability allows attackers to use expired session IDs to maintain unauthorized access to Kanboard instances. It affects all Kanboard users running versions before 1.2.43 due to improper sessi...