CVE-2026-2207

A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is possible to launch the attack remotely...

CVE-2026-2205

WeKan up to 8.20 is affected in the Meteor Publication Handler component, specifically the file server/publications/cards.js, allowing information disclosure via a remote attack. The public descriptions indicate upgrading to version 8.21 mitigates the issue and reference the patch 0f5a9c38778ca55...

EUVD-2026-5703

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...

WeKan 安全漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the Rules Handler component’s file server/publications/rules.js file, which could lead to lack of...

CVE-2026-1962

A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. The attack may be initiated remotely. Upgrading to version 8.21 is...

EUVD-2026-5527

A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. The attack may be initiated remotely. Upgrading to version 8.21 is...

CVE-2026-1898 WeKan LDAP User Sync syncUser.js SyncLDAPBleed access control

A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...

CVE-2026-1897 WeKan Position-History Tracking positionHistory.js PositionHistoryBleed authorization

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to...

WeKan 访问控制错误漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a security vulnerability related to access control. This vulnerability stemmed from an unknown function in the Attachment Migration component, specifically the file...

WeKan 访问控制错误漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a security vulnerability related to access control. This vulnerability stemmed from improper handling of parameters in the file server/migrations/comprehensiveBoardMigration.js, leading to...

WeKan 访问控制错误漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a security vulnerability related to access control. This vulnerability stemmed from an unknown function in the models/boards.js file within the component’s REST endpoint, which had improper...

CVE-2026-1892

A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched...

WeKan 访问控制错误漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a security vulnerability related to access control. This vulnerability stemmed from improper access control due to operations on the functions in the models/lists.js file...

WeKan 授权问题漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a vulnerability related to authorization. This vulnerability stemmed from improper handling of parameters in the models/checklistItems.js file...

CVE-2025-5139

A vulnerability was found in Qualitor 8.20/8.24. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice365.php of the component Office 365-type Connection Handler. The manipulation of the argument...

CVE-2025-5139

A vulnerability was found in Qualitor 8.20/8.24. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice365.php of the component Office 365-type Connection Handler. The manipulation of the argument...

CVE-2025-5139 Qualitor Office 365-type Connection testaConexaoOffice365.php command injection

A vulnerability was found in Qualitor 8.20/8.24. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice365.php of the component Office 365-type Connection Handler. The manipulation of the argument...

CVE-2025-5139 Qualitor Office 365-type Connection testaConexaoOffice365.php command injection

A vulnerability was found in Qualitor 8.20/8.24. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice365.php of the component Office 365-type Connection Handler. The manipulation of the argument...

Code injection

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter...

CVE-2023-47253

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter...