Lucene search
K

4 matches found

Cvelist
Cvelist
added yesterday4 views

CVE-2026-59154 Wekan: Checklist direct DDP updates can write checklist data into private boards

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS
Exploits0References3
CVE
CVE
added yesterday5 views

CVE-2026-59154

The CVE affects Wekan (open‑source Kanban) prior to version 9.64. A cross‑board authorization bypass exists in the direct Meteor collection allow rules for Checklists and ChecklistItems: updates are authorized only against the current source doc.cardId and do not inspect destination cardId or boa...

4.3CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-42935

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.6 views

PT-2026-6931

Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.19 Description An authorization issue exists in WeKan where the allowPrivateOnly instance configuration setting is not fully enforced during board creation. When allowPrivateOnly is enabled, users are still able to...

7.1CVSS5.4AI score0.0019EPSS
Exploits0References7
Rows per page
Query Builder