Lucene search
+L

8 matches found

NVD
NVD
added last week7 views

CVE-2026-59154

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS0.00208EPSS
Exploits0References3
EUVD
EUVD
added last week7 views

EUVD-2026-42935

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS6.1AI score0.00208EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.7 views

CVE-2026-1894

A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization. Remote exploitation of the atta...

6.5CVSS6.1AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/02/04 11:15 p.m.9 views

CVE-2026-1894

A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization. Remote exploitation of the atta...

6.5CVSS0.00236EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/04 10:32 p.m.4 views

CVE-2026-1894 WeKan REST API checklistItems.js Checklist REST Bleed improper authorization

A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization. Remote exploitation of the atta...

6.5CVSS6.1AI score0.00236EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/04 10:32 p.m.27 views

CVE-2026-1894 WeKan REST API checklistItems.js Checklist REST Bleed improper authorization

A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization. Remote exploitation of the atta...

6.5CVSS0.00236EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/04 10:32 p.m.6 views

CVE-2026-1894

A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization. Remote exploitation of the atta...

6.5CVSS6.1AI score0.00236EPSS
Exploits0References7
CVE
CVE
added 2026/02/04 10:32 p.m.18 views

CVE-2026-1894

WeKan up to 8.20 is affected in the REST API component, specifically the file models/checklistItems.js. Manipulating the arguments item.cardId, item.checklistId, or card.boardId can lead to improper authorization and remote exploitation. A fix is available in version 8.21; apply the official patc...

6.5CVSS5AI score0.00236EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder