Lucene search

10 matches found

EUVD
added 2026/02/08 12:30 a.m., 3 views

EUVD-2026-5711

WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers such as boardId, cardId, swimlaneId, and listId are consistent and refer to a coherent card/board relationship, enabling attempts to upload...

CVSS 7.5, AI score 5.4, EPSS 0.00014
Exploits: 0, References: 4
ATTACKERKB
added 2026/02/07 9:57 p.m., 3 views

CVE-2026-25563

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers...

CVSS 7.1, AI score 5.3, EPSS 0.00014
Exploits: 0, References: 4
Vulnrichment
added 2026/02/07 9:56 p.m., 2 views

CVE-2026-25561 WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass

WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers such as boardId, cardId, swimlaneId, and listId are consistent and refer to a coherent card/board relationship, enabling attempts to upload...

CVSS 7.1, AI score 5.5, EPSS 0.00014
Exploits: 0, References: 3
Positive Technologies
added 2026/02/07 12:0 a.m., 3 views

PT-2026-6927

Name of the Vulnerable Software and Affected Versions: WeKan versions prior to 8.19. Description: The software contains an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied...

CVSS 7.1, AI score 5.4, EPSS 0.00014
Exploits: 0, References: 6
RedhatCVE
added 2026/01/27 3:23 p.m., 2 views

CVE-2025-59098

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

CVSS 8.7, AI score 5.9, EPSS 0.00067
Exploits: 0, References: 1
Vulnrichment
added 2026/01/26 10:4 a.m., 3 views

CVE-2025-59098 Trace Functionality Leaking Sensitive Data in dormakaba access manager

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

CVSS 8.7, AI score 5.9, EPSS 0.00067
Exploits: 0, References: 3
EUVD
added 2026/01/26 10:4 a.m., 4 views

EUVD-2025-206362

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

CVSS 8.7, AI score 5.9, EPSS 0.00067
Exploits: 0, References: 3
Cvelist
added 2026/01/26 10:4 a.m., 27 views

CVE-2025-59098 Trace Functionality Leaking Sensitive Data in dormakaba access manager

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

CVSS 8.7, EPSS 0.00067
Exploits: 0, References: 3
CNNVD
added 2022/07/12 12:0 a.m., 3 views

SAMSUNG Mobile devices Messaging security vulnerability

Samsung Message App is a messaging feature for Samsung mobile devices. Samsung Message App is vulnerable to an information disclosure vulnerability that stems from exposing sensitive information when the application is messaging. An attacker could exploit the vulnerability to access IMSI a...

CVSS 4, AI score 5.6, EPSS 0.00016
Exploits: 0, References: 2
CNNVD
added 2022/07/12 12:0 a.m., 1 views

SAMSUNG Mobile devices CID Manager log information disclosure vulnerability

SAMSUNG Mobile devices are a range of mobile devices from the South Korean company Samsung, including cell phones, tablets, and more. An information disclosure vulnerability exists in SAMSUNG Mobile devices CID Manager, which originates from exposing sensitive information during...

CVSS 2.3, AI score 5.6, EPSS 0.00017
Exploits: 0, References: 2