Lucene search
K

22170 matches found

EUVD
EUVD
added 2026/02/08 1:9 a.m.20 views

EUVD-2026-5823

A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. It is possible to initiate the attack...

8.8CVSS6.1AI score0.00239EPSS
Exploits0References6
EUVD
EUVD
added 2026/02/08 1:9 a.m.8 views

EUVD-2026-5824

A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...

5.3CVSS4.7AI score0.00235EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/08 1:9 a.m.6 views

CVE-2026-2205

A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...

5.3CVSS4.8AI score0.00235EPSS
Exploits0References7
CVE
CVE
added 2026/02/08 1:9 a.m.58 views

CVE-2026-2205

WeKan up to 8.20 is affected in the Meteor Publication Handler component, specifically the file server/publications/cards.js, allowing information disclosure via a remote attack. The public descriptions indicate upgrading to version 8.21 mitigates the issue and reference the patch 0f5a9c38778ca55...

5.3CVSS4.8AI score0.00235EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/08 12:32 a.m.4 views

CVE-2026-2120

A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/setserversettings of the component Configuration Parameter Handler. The manipulation of the argument terminaladdr/serverip/serverport leads to os command injection. The attack may be...

8.6CVSS6.8AI score0.03916EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.8 views

PT-2026-6944

Name of the Vulnerable Software and Affected Versions Wekan versions up to 8.20 Description A flaw exists in Wekan that could allow information disclosure. This issue impacts an unspecified part of the server/publications/cards.js file within the Meteor Publication Handler component. The attack c...

5.3CVSS5.3AI score0.00235EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.5 views

WeKan 安全漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the Rules Handler component’s file server/publications/rules.js file, which could lead to lack of...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.7 views

PT-2026-6946

Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.21 Description A weakness exists in WeKan related to the Activity Publication Handler component, specifically in the processing of the file server/publications/activities.js. A manipulation of this component can lead ...

6.9CVSS5.2AI score0.00342EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.4 views

PT-2026-6947

Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.21 Description A security issue exists in WeKan related to missing authorization within the Rules Handler component. The problem resides in an unknown function of the file server/publications/rules.js. This can be...

5.3CVSS5.4AI score0.00244EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.4 views

WeKan 访问控制错误漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a access control vulnerability. This vulnerability stemmed from improper handling of the file server/publications/activities.js component in the Activity Publication Handler, which could le...

6.9CVSS6AI score0.00342EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.7 views

WeKan 访问控制错误漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a security vulnerability related to access control. This vulnerability stemmed from improper handling of the file server/publications/cards.js component in Meteor Publication Handler, which...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.7 views

WeKan 授权问题漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.18 contained a vulnerability related to authorization. This vulnerability stemmed from improper handling of the setCreateTranslation function in the client/components/settings/translationBody.js file of...

6.5CVSS6.6AI score0.00188EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.6 views

PT-2026-6948

Name of the Vulnerable Software and Affected Versions Wekan versions prior to 8.19 Description A flaw exists in Wekan that allows for improper authorization. This issue is related to the setCreateTranslation function within the client/components/settings/translationBody.js file of the Custom...

6.5CVSS5.4AI score0.00188EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.6 views

WeKan 访问控制错误漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan 8.20 and earlier contained a security vulnerability related to access control. This vulnerability stemmed from improper handling of files in the “Fileserver/methods/fixDuplicateLists.js” component by the...

8.8CVSS6.6AI score0.00239EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.13 views

WukongCRM 授权问题漏洞

WukongCRM is a Customer Relationship Management CRM system developed by Wukong Corporation in China. Versions of WukongCRM 11.3.3 and earlier contained an authorization vulnerability. This vulnerability stemmed from incorrect handling of a file in the component’s URL Handler, specifically the...

8.8CVSS6.6AI score0.00362EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.6 views

D-Link DIR-823X 操作系统命令注入漏洞

The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the parameters terminaladdr/serverip/serverport in the Configuration...

8.6CVSS7.1AI score0.03916EPSS
Exploits1References6
NVD
NVD
added 2026/02/07 8:15 p.m.8 views

CVE-2026-2109

A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit is publicl...

8.1CVSS0.00386EPSS
Exploits1References4
OSV
OSV
added 2026/02/07 8:15 p.m.3 views

CVE-2026-2109

A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit is publicl...

8.1CVSS5.8AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/07 7:30 p.m.6 views

CVE-2026-2062

A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwcs5chandlemodifybearerresponse/sgwcsxahandlesessionmodificationresponse of the component PGW S5U Address Handler. The manipulation leads to null pointer dereference. The attack can be initiated remotely. The explo...

7.5CVSS5.3AI score0.00652EPSS
Exploits1References1
CVE
CVE
added 2026/02/07 6:32 p.m.25 views

CVE-2026-2107

CVE-2026-2107 affects yeqifu warehouse (Log Info Handler). Multiple methods in LoginfoController (loadAllLoginfo, deleteLoginfo, batchDeleteLoginfo) enable improper authorization, with remote exploit capability. Public exploit exists; product uses no versioning, so affected/unaffected releases ar...

8.8CVSS6.1AI score0.00326EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder