Vulnerabilities in kanboard
25 results

CVE-2024-51748 (CRITICAL, EPSS 0.9%): Remote code execution through language setting in kanboard
CVE-2025-55010 (CRITICAL, EPSS 0.9%): Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events
CVE-2024-51747 (CRITICAL, EPSS 0.8%): Arbitrary File Read and Delete in kanboard
CVE-2023-36813 (HIGH, EPSS 0.8%): Kanboard Authenticated SQL Injections vulnerability
CVE-2023-33956 (MEDIUM, EPSS 0.6%): Parameter based Indirect Object Referencing leading to private file exposure in Kanboard
CVE-2023-33970 (MEDIUM, EPSS 0.5%): Missing access control in internal task links feature in Kanboard
CVE-2023-32685 (MEDIUM, EPSS 0.5%): Clipboard based cross-site scripting (blocked with default CSP) in Kanboard
CVE-2023-33969 (MEDIUM, EPSS 0.5%): Stored Cross site scripting in the Task External Link Functionality in Kanboard
CVE-2024-55603 (MEDIUM, EPSS 0.5%): Insufficient session invalidation in Kanboard
CVE-2026-25924 (HIGH, EPSS 0.5%): Kanboard is Missing Access Control on Plugin Installation leading to Administrative RCE
CVE-2025-52560 (HIGH, EPSS 0.5%): Kanboard Password Reset Poisoning via Host Header Injection
CVE-2026-21881 (CRITICAL, EPSS 0.4%): Kanboard is Vulnerable to Reverse Proxy Authentication Bypass
CVE-2023-33968 (MEDIUM, EPSS 0.4%): Missing Access Control allows User to move and duplicate tasks in Kanboard
CVE-2024-54001 (MEDIUM, EPSS 0.4%): Kanboard allows a persistent HTML injection site scripting in settings page date format
CVE-2026-29056 (HIGH, EPSS 0.4%): Kanboard's privilege escalation via mass assignment in user invite registration allows any invited user to become admin
CVE-2024-36399 (HIGH, EPSS 0.4%): Kanboard affected by Project Takeover via IDOR in ProjectPermissionController
CVE-2026-21880 (MEDIUM, EPSS 0.4%): Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure
CVE-2025-55011 (MEDIUM, EPSS 0.3%): Kanboard Path Traversal in File Write via Task File Upload Api
CVE-2025-52576 (MEDIUM, EPSS 0.3%): Kanboard vulnerable to Username Enumeration via Login Behavior and Bruteforce Protection Bypass
CVE-2025-46825 (LOW, EPSS 0.3%): Kanboard has stored Cross-site Scripting vulnerability in project name