2 matches found
CVE-2026-30847
creationtimestamp| type| source ---|---|--- 2026-03-06 20:54:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgg72mcthh2d...
CVE-2026-30847
Summary : Wekan versions 8.31.0–8.33 are affected by an insecure publication in the notificationUsers publication, which returns complete user documents with no field filtering. This exposes highly sensitive fields (bcrypt password hashes, active session login tokens, email verification tokens, f...