In Redmine versions 6.0.0 through 6.0.3 a medium severity vulnerability CVE-2025-4011 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) via manipulation of the “Name” argument in the Custom Query Handler. To address this issue, users should upgrade Redmine to versions 6.0.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4011.
Read more Project Management
In Combodo iTop versions prior to 2.7.12, 3.1.2 and 3.2.0 a medium severity vulnerability CVE-2025-27139 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) attacks when the preferences page is opened. To address this issue, users should upgrade iTop to versions 2.7.12, 3.1.2, 3.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27139.
Read more IT Business Management
In iTop version 16.0 a high severity vulnerability CVE-2024-53588 was detected. This vulnerability allows attackers to run malicious code on the system by tricking iTop VPN into loading a fake DLL file. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53588.
In Kanboard versions 1.2.48 and below a critical severity vulnerability CVE-2026-21881 was detected. This vulnerability allows attackers to bypass authentication and impersonate any user, including administrators, by sending spoofed HTTP headers when REVERSE_PROXY_AUTH is enabled, as the application does not verify that requests originate from a trusted reverse proxy. To address this issue, users should upgrade Kanboard to version 1.2.49. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-21881.
Read more Project Management
In Kanboard versions 1.2.48 and below a medium severity vulnerability CVE-2026-21880 was detected. This vulnerability allows attackers to exploit improper input sanitization in the LDAP authentication mechanism to perform LDAP injection, enabling user enumeration and disclosure of sensitive LDAP user attributes. To address this issue, users should upgrade Kanboard to version 1.2.49. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-21880.
Read more Project Management
In Kanboard versions 1.2.48 and below a medium severity vulnerability CVE-2026-21879 was detected. This vulnerability allows attackers to perform open redirect attacks by abusing protocol-relative URLs (e.g., //evil.com) that bypass URL validation, redirecting authenticated users to attacker-controlled websites. To address this issue, users should upgrade Kanboard to version 1.2.49. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-21879.
Read more Project Management
In Kanboard versions prior to 1.2.43 a medium severity vulnerability CVE-2024-55603 was detected. This vulnerability allows attackers to use expired sessions as they remain valid due to improper verification of session lifetime in the database. To address this issue, users should upgrade Kanboard to version 1.2.43. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55603.
Read more Project Management
In iTop versions before 2.7.11, from including 3.0.0-alpha and before 3.1.2, and from including 3.2.0-alpha1 and before 3.2.0 a high severity vulnerability CVE-2024-54139 was detected. This vulnerability allows attackers to perform cross-site scripting, which can lead to cross-site request forgery via the `_table_id` parameter. To address this issue, users should upgrade iTop to versions 2.7.11, 3.1.2, or 3.2.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-54139.
Read more IT Business Management
In Kanboard version 1.2.40 a medium severity vulnerability CVE-2024-54001 was detected. This vulnerability allows attackers to inject malicious HTML or JavaScript into the application, potentially leading to unauthorized actions or data theft. To fix this issue, users should upgrade Kanboard to version 1.2.41. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-54001.
Read more Project Management