7 matches found

Vulnrichment
added 2026/05/12 9:9 p.m. | 3 views

CVE-2026-44260 efw4.X: readonly Flag Not Enforced Server-Side

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

CVSS 8.1 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 1
NVD
added 2026/02/07 10:16 p.m. | 4 views

CVE-2026-25568

WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement...

CVSS 7.1 | EPSS 0.00037
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/07 9:59 p.m. | 1 view

CVE-2026-25568 WeKan < 8.19 allowPrivateOnly Setting Enforcement Bypass

WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement...

CVSS 7.1 | AI score 5.5 | EPSS 0.00037
Exploits: 0 | References: 3
CVE
added 2026/02/07 9:59 p.m. | 5 views

CVE-2026-25568

WeKan versions prior to 8.19 contain an authorization logic vulnerability where allowPrivateOnly is not sufficiently enforced at board creation time. When the setting is enabled, users can still create public boards due to incomplete server-side enforcement. Affected products/version range: WeKan

CVSS 7.1 | AI score 5.4 | EPSS 0.00037
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2026/02/07 12:0 a.m. | 1 view

WeKan Security Vulnerability

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.19 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the configuration setting “allowPrivateOnly” was not fully enforced when creating a dashboard. When...

CVSS 7.1 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 4
Cvelist
added 2026/01/20 3:39 p.m. | 13 views

CVE-2025-36410 Multiple vulnerabilities found in IBM ApplinX.

IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security...

CVSS 3.1 | EPSS 0.00064
Exploits: 0 | References: 1
CVE
added 2026/01/20 3:39 p.m. | 7 views

CVE-2025-36410

CVE-2025-36410 affects IBM ApplinX 11.1. An authenticated user could perform unauthorized administrative actions on the server due to server-side enforcement of client-side security. The Red Hat, CIRCL, NVD, and IBM bulletin entries corroborate the same description and indicate the issue resides ...

CVSS 4.3 | AI score 5.5 | EPSS 0.00064
Exploits: 0 | References: 1 | Affected Software: 1