In Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-49145 was detected. This vulnerability allows users with permissions to create webhooks to trigger database deletion due to insufficient validation of webhook callback signatures. To fix this vulnerability, users should upgrade to iTop version 2.7.13, 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49145.
Read more IT Business ManagementIn Combodo iTop versions on the 3.x branch prior to 3.2.2 a medium severity vulnerability CVE-2025-48878 was detected. This vulnerability allows users with insufficient privileges to create a ModuleInstallation object due to an insecure direct object reference (IDOR). To fix this vulnerability, users should upgrade to iTop version 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48878.
Read more IT Business ManagementIn Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-48065 was detected. This vulnerability allows reflected cross-site scripting (XSS) to occur when a form field containing an error renders attacker-controlled content back to the user. To fix this vulnerability, users should upgrade to iTop versions 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48065.
Read more IT Business ManagementIn Combodo iTop versions prior to 3.2.2 a high severity vulnerability CVE-2025-48055 was detected. This vulnerability allows stored cross-site scripting (XSS) in the User Portal’s browse brick, where user-supplied content could be rendered without proper sanitization. To fix this vulnerability, users should upgrade to iTop versions 3.2.2 or 3.3.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48055.
Read more IT Business ManagementIn iTop v.3.1.0-2-11973 a high severity vulnerability CVE-2023-47489 was detected. A CSV injection in the export functionality (export-v2.php and ajax.render.php) allows a local attacker to inject crafted scripts that can lead to arbitrary code execution. To address this issue, users should upgrade iTop to versions 3.0.4, 3.1.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-47489.
Read more IT Business ManagementIn iTop v.3.1.0-2-11973 a medium severity vulnerability CVE-2023-47488 was detected. This cross-site scripting (XSS) vulnerability allows a local attacker to obtain sensitive information by injecting a crafted script into the attrib_manager_id parameter in the General Information page or the id parameter in the contact page. To address this issue, users should upgrade iTop to versions 3.0.4, 3.1.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-47488.
Read more IT Business ManagementIn Kanboard versions prior to 1.2.47 a medium severity vulnerability CVE-2025-55011 was detected. This vulnerability allows attackers to write files anywhere on the system the application user controls due to missing validation of the task_id parameter and lack of path traversal checks in the createTaskFile API method. To address this issue users should upgrade Kanboard to version 1.2.47 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55011.
Read more Project ManagementIn Kanboard versions prior to 1.2.47 a critical severity vulnerability CVE-2025-55010 was detected. This vulnerability allows attackers with admin access to achieve remote code execution by exploiting unsafe deserialization in the ProjectEventActivityFormatter via the event[“data”] field in the project_activities table, potentially writing a web shell to the /plugins folder. To address this issue, users should upgrade Kanboard to version 1.2.47 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55010.
Read more Project ManagementIn Ansible Automation Platform a medium severity vulnerability CVE-2025-7738 was detected. This vulnerability allows administrators or auditors to view GitHub Enterprise authenticator client secrets in clear text via the Gateway API, increasing the risk of accidental leaks or misuse. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7738.
Read more IT Business Management