EUVD-2026-5823
A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. It is possible to initiate the attack...
EUVD-2026-5824
A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...
CVE-2026-2205
A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...
CVE-2026-2205
WeKan up to 8.20 is affected in the Meteor Publication Handler component, specifically the file server/publications/cards.js, allowing information disclosure via a remote attack. The public descriptions indicate upgrading to version 8.21 mitigates the issue and reference the patch 0f5a9c38778ca55...
CVE-2026-2120
A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/setserversettings of the component Configuration Parameter Handler. The manipulation of the argument terminaladdr/serverip/serverport leads to os command injection. The attack may be...
PT-2026-6944
Name of the Vulnerable Software and Affected Versions: Wekan versions up to 8.20. Description: A flaw exists in Wekan that could allow information disclosure. This issue impacts an unspecified part of the server/publications/cards.js file within the Meteor Publication Handler component. The attack c...
WeKan Security Vulnerability
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the file server/publications/rules.js in the Rules Handler component, which could lead to lack of...
PT-2026-6946
Name of the Vulnerable Software and Affected Versions: WeKan versions prior to 8.21. Description: A weakness exists in WeKan related to the Activity Publication Handler component, specifically in the processing of the file server/publications/activities.js. A manipulation of this component can lead ...
PT-2026-6947
Name of the Vulnerable Software and Affected Versions: WeKan versions prior to 8.21. Description: A security issue exists in WeKan related to missing authorization within the Rules Handler component. The problem resides in an unknown function of the file server/publications/rules.js. This can be...
WeKan Access Control Error Vulnerability
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained an access control vulnerability. This vulnerability stemmed from improper handling of the file server/publications/activities.js component in the Activity Publication Handler, which could le...
WeKan Access Control Error Vulnerability
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a security vulnerability related to access control. This vulnerability stemmed from improper handling of the file server/publications/cards.js component in Meteor Publication Handler, which...
WeKan Authorization Issue Vulnerability
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.18 contained a vulnerability related to authorization. This vulnerability stemmed from improper handling of the setCreateTranslation function in the client/components/settings/translationBody.js file of...
PT-2026-6948
Name of the Vulnerable Software and Affected Versions: Wekan versions prior to 8.19. Description: A flaw exists in Wekan that allows for improper authorization. This issue is related to the setCreateTranslation function within the client/components/settings/translationBody.js file of the Custom...
WeKan Access Control Error Vulnerability
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan 8.20 and earlier contained a security vulnerability related to access control. This vulnerability stemmed from improper handling of files in the “Fileserver/methods/fixDuplicateLists.js” component by the...
WukongCRM Authorization Issue Vulnerability
WukongCRM is a Customer Relationship Management (CRM) system developed by Wukong Corporation in China. Versions of WukongCRM 11.3.3 and earlier contained an authorization vulnerability. This vulnerability stemmed from incorrect handling of a file in the component’s URL Handler, specifically the...
D-Link DIR-823X OS Command Injection Vulnerability
The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the parameters terminaladdr/serverip/serverport in the Configuration...
CVE-2026-2109
A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit is publicl...
CVE-2026-2062
A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwcs5chandlemodifybearerresponse/sgwcsxahandlesessionmodificationresponse of the component PGW S5U Address Handler. The manipulation leads to null pointer dereference. The attack can be initiated remotely. The explo...
CVE-2026-2107
CVE-2026-2107 affects yeqifu warehouse (Log Info Handler). Multiple methods in LoginfoController (loadAllLoginfo, deleteLoginfo, batchDeleteLoginfo) enable improper authorization, with remote exploit capability. Public exploit exists; product uses no versioning, so affected/unaffected releases ar...