Lucene search
+L

690 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-55234

Wekan is open source kanban built with Meteor. Prior to 9.37, Wekan DDP update allow rules in server/permissions/cards.js, server/permissions/lists.js, and server/permissions/swimlanes.js authorize against the stored source boardId and do not validate a new boardId in the update modifier. Any...

8.5CVSS0.00243EPSS
Exploits0References3
NVD
NVD
added 3 days ago7 views

CVE-2026-53445

Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan copyBoard Meteor DDP method in server/publications/boards.js copies a board by caller-supplied board ID without checking this.userId, membership, or admin access. Any authenticated user can copy a private board they are not a...

7.1CVSS0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-55234 Wekan: Broken access control: any authenticated user can move their Cards/Lists/Swimlanes into a private board they are not a member of (cross-board write via collection allow rule)

Wekan is open source kanban built with Meteor. Prior to 9.37, Wekan DDP update allow rules in server/permissions/cards.js, server/permissions/lists.js, and server/permissions/swimlanes.js authorize against the stored source boardId and do not validate a new boardId in the update modifier. Any...

8.5CVSS0.00243EPSS
Exploits0References3
OSV
OSV
added 3 days ago3 views

CVE-2026-55234 Wekan: Broken access control: any authenticated user can move their Cards/Lists/Swimlanes into a private board they are not a member of (cross-board write via collection allow rule)

Wekan is open source kanban built with Meteor. Prior to 9.37, Wekan DDP update allow rules in server/permissions/cards.js, server/permissions/lists.js, and server/permissions/swimlanes.js authorize against the stored source boardId and do not validate a new boardId in the update modifier. Any...

8.5CVSS6.1AI score0.00243EPSS
Exploits0References5
CVE
CVE
added 3 days ago11 views

CVE-2026-55234

Wekan (open source Kanban on Meteor) has a cross-board write flaw in versions before 9.37. The DDP update allow rules in server/permissions/cards.js, server/permissions/lists.js, and server/permissions/swimlanes.js validate only the stored boardId and do not verify a new boardId in the update mod...

8.5CVSS6.1AI score0.00243EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-53447 Wekan: `cloneBoard` Meteor method has no authorization check — any user can clone (read) any private board by ID

Wekan is open source kanban built with Meteor. Prior to 9.35, the Wekan cloneBoard Meteor method in models/import.js uses caller-supplied sourceBoardId to build a board export through models/exporter.js without invoking canExport or checking source-board membership. Any authenticated user who kno...

6.5CVSS0.00231EPSS
Exploits0References3
OSV
OSV
added 3 days ago3 views

CVE-2026-53447 Wekan: `cloneBoard` Meteor method has no authorization check — any user can clone (read) any private board by ID

Wekan is open source kanban built with Meteor. Prior to 9.35, the Wekan cloneBoard Meteor method in models/import.js uses caller-supplied sourceBoardId to build a board export through models/exporter.js without invoking canExport or checking source-board membership. Any authenticated user who kno...

6.5CVSS6.1AI score0.00231EPSS
Exploits0References5
CVE
CVE
added 3 days ago11 views

CVE-2026-53447

Wekan (open-source Kanban) contains a vulnerability in the cloneBoard Meteor method prior to version 9.35. The method in models/import.js uses a caller-supplied sourceBoardId to export a board via models/exporter.js without canExport checks or membership verification. As a result, any authenticat...

6.5CVSS6.1AI score0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-53445 Wekan: Authorization bypass in copyBoard DDP method allows any user to copy private boards

Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan copyBoard Meteor DDP method in server/publications/boards.js copies a board by caller-supplied board ID without checking this.userId, membership, or admin access. Any authenticated user can copy a private board they are not a...

7.1CVSS0.00238EPSS
Exploits0References3
CVE
CVE
added 3 days ago10 views

CVE-2026-53445

CVE-2026-53445 (Wekan) : Affected component is Wekan’s copyBoard DDP publication (server/publications/boards.js). Before version 9.32, the copy operation copied a board by caller-supplied boardId without validating this.userId, membership, or admin access, enabling any authenticated user to copy ...

7.1CVSS6.1AI score0.00238EPSS
Exploits0References3
OSV
OSV
added 3 days ago3 views

CVE-2026-53445 Wekan: Authorization bypass in copyBoard DDP method allows any user to copy private boards

Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan copyBoard Meteor DDP method in server/publications/boards.js copies a board by caller-supplied board ID without checking this.userId, membership, or admin access. Any authenticated user can copy a private board they are not a...

7.1CVSS6.1AI score0.00238EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-60323

Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.35 Description The cloneBoard Meteor method in models/import.js fails to invoke the canExport function or verify membership of the source board when using the sourceBoardId variable. This allows an authenticated user...

6.5CVSS6.1AI score0.00231EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 3 days ago12 views

PT-2026-60324

Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.37 Description Authenticated users with write access to their own board can move cards, lists, or swimlanes into a private board they are not members of. This occurs because DDP update allow rules in...

8.5CVSS5.3AI score0.00243EPSS
Exploits0References7
OSV
OSV
added 2026/07/10 3:45 p.m.5 views

CVE-2026-59154 Wekan: Checklist direct DDP updates can write checklist data into private boards

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS6.1AI score0.00208EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 3:45 p.m.10 views

CVE-2026-59154

The CVE affects Wekan (open‑source Kanban) prior to version 9.64. A cross‑board authorization bypass exists in the direct Meteor collection allow rules for Checklists and ChecklistItems: updates are authorized only against the current source doc.cardId and do not inspect destination cardId or boa...

4.3CVSS6.1AI score0.00208EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 3:45 p.m.31 views

CVE-2026-59154 Wekan: Checklist direct DDP updates can write checklist data into private boards

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS0.00208EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/10 3:45 p.m.7 views

EUVD-2026-42935

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS6.1AI score0.00208EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-3473

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs...

7.1CVSS5.5AI score0.00149EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.8 views

CVE-2026-41418

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint POST /api/access-tokens. When an invalid username/email is provided, the server responds immediately 17ms average. When a val...

5.3CVSS5.5AI score0.00197EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.15 views

PT-2026-44872

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release id parameter of boards buttons/update release.php. The release id value is concatenated directly into SQL statements...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References5
Rows per page
Query Builder