Lucene search
K

6 matches found

NVD
NVD
added 2026/03/06 8:16 p.m.8 views

CVE-2026-30847

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the notificationUsers publication in Wekan publishes user documents with no field filtering, causing the ReactiveCache.getUsers call to return all fields including highly sensitive data such as bcrypt password...

9.3CVSS0.00235EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/06 7:33 p.m.1 views

CVE-2026-30844 Wekan Vulnerable to SSRF through Lack of Validation or Filtering in Attachment URL Loading

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS5.8AI score0.00235EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/06 7:33 p.m.6 views

CVE-2026-30844

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS5.8AI score0.00235EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/06 7:30 p.m.12 views

CVE-2026-30843

Wekan versions 8.32 and 8.33 contain a critical Insecure Direct Object Reference (IDOR) in custom fields update endpoints, allowing cross-board modification of custom fields. The PUT /api/boards/:boardId/custom-fields/:customFieldId endpoint validates board access but uses the field’s _id as a fi...

9.3CVSS5.8AI score0.00218EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.4 views

KioWare 安全漏洞

KioWare is a suite of self-service terminal browser software. The software has the ability to restrict end-user access to specific interfaces. A security vulnerability exists in KioWare versions 8.34 and earlier, which originates from the ability to exit the software and use other open applicatio...

8.4CVSS6.4AI score0.00275EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/09 12:0 a.m.4 views

PT-2024-26014 · Unknown · Kioware For Windows

Name of the Vulnerable Software and Affected Versions: KioWare for Windows versions all through 8.34 Description: The issue allows an attacker to exit KioWare for Windows and access other opened applications during a short time window before automatic logout. By utilizing built-in functions of...

8.4CVSS6.6AI score0.00275EPSS
Exploits0References4
Rows per page
Query Builder