CVE-2026-1895

A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to addre...

CVE-2026-1963

Affected software: WeKan up to 8.20. Vulnerability: Improper access controls in the Attachment Storage component, specifically in the file models/attachments.js. The issue could be exploited remotely and is driven by an unspecified function, enabling access control bypass. Impact: High (as per CV...

CVE-2026-1963 WeKan Attachment Storage attachments.js MoveStorageBleed access control

A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. The attack may be launched remotely. Upgrading to version 8.21 mitigates this issue. The pat...

CVE-2026-1963 WeKan Attachment Storage attachments.js MoveStorageBleed access control

A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. The attack may be launched remotely. Upgrading to version 8.21 mitigates this issue. The pat...

CVE-2026-1963

A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. The attack may be launched remotely. Upgrading to version 8.21 mitigates this issue. The pat...

WeKan 访问控制错误漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a security vulnerability related to access control. This vulnerability stemmed from an unknown function in the Attachment Storage component, specifically the file models/attachments.js, whi...

PT-2026-6631

Name of the Vulnerable Software and Affected Versions WeKan versions up to 8.20 Description A flaw exists in WeKan that relates to improper access controls within the Attachment Storage component. The issue is located in the file models/attachments.js and impacts an unknown function. This...

CVE-2026-1895

A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to addre...

CVE-2026-1895 WeKan Attachment Storage lists.js applyWipLimit ListWIPBleed access control

A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to addre...

CVE-2026-1895 WeKan Attachment Storage lists.js applyWipLimit ListWIPBleed access control

A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to addre...

PT-2026-6074

Name of the Vulnerable Software and Affected Versions WeKan versions up to 8.20 Description A flaw exists in WeKan, specifically within the Attachment Storage Handler component. The issue resides in the applyWipLimit function located in the models/lists.js file. Exploitation of this flaw can lead...

EUVD-2002-0453

Malware in sbrugna...

Genie Path Traversal vulnerability via File Uploads

Overview Path Traversal Vulnerability via File Uploads in Genie Impact Any Genie OSS users running their own instance and relying on the filesystem to store file attachments submitted to the Genie application may be impacted. Using this technique, it is possible to write a file with any...

Android Outlook App Could Expose Emails, Attachments

There are two issues with the way Microsoft’s Outlook application encrypts content on older versions of Android that could expose users’ emails and email attachments. Paolo Soto, a researcher with the security firm Include Security, said his team initially dug up the vulnerabilities in November...

CVE-2002-0455

IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames...