Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/02/09 1:33 a.m.4 views

CVE-2026-2207

A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is possible to launch the attack remotely...

6.9CVSS5.3AI score0.00342EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/08 1:9 a.m.7 views

CVE-2026-2208

A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. The attack can be initiated remotely. Upgrading to version 8.21 is recommended ...

5.3CVSS4.6AI score0.00244EPSS
Exploits0References7
CVE
CVE
added 2026/02/08 1:9 a.m.14 views

CVE-2026-2208

WeKan up to version 8.20 contains a vulnerability in the Rules Handler, specifically an unknown function within server/publications/rules.js that allows missing authorization. The issue can be exploited remotely, enabling an attacker to access without proper authorization. It is mitigated by upda...

6.5CVSS4.6AI score0.00244EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/02/08 1:9 a.m.34 views

CVE-2026-2206 WeKan Administrative Repair fixDuplicateLists.js FixDuplicateBleed access control

A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. It is possible to initiate the attack...

6.5CVSS0.00239EPSS
Exploits0References6
EUVD
EUVD
added 2026/02/08 1:9 a.m.8 views

EUVD-2026-5824

A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...

5.3CVSS4.7AI score0.00235EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/07 1:23 a.m.10 views

CVE-2026-1962

A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. The attack may be initiated remotely. Upgrading to version 8.21 is...

9.8CVSS5.8AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/07 1:23 a.m.4 views

CVE-2026-1964

A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch...

5.3CVSS4.7AI score0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/06 12:30 a.m.15 views

EUVD-2026-5524

A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch...

5.3CVSS5AI score0.00218EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/02/05 9:32 p.m.4 views

CVE-2026-1964

A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch...

5.3CVSS5AI score0.00218EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/02/05 9:32 p.m.28 views

CVE-2026-1964 WeKan REST Endpoint boards.js BoardTitleRESTBleed access control

A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch...

5.3CVSS0.00218EPSS
Exploits0References6
EUVD
EUVD
added 2026/02/05 9:2 p.m.5 views

EUVD-2026-5526

A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. The attack may be launched remotely. Upgrading to version 8.21 mitigates this issue. The pat...

6.5CVSS4.9AI score0.00323EPSS
Exploits0References6
NVD
NVD
added 2026/02/05 1:15 a.m.6 views

CVE-2026-1897

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to...

5.3CVSS0.003EPSS
Exploits0References6
CVE
CVE
added 2026/02/04 11:32 p.m.19 views

CVE-2026-1896

WeKan up to version 8.20 is affected by a vulnerability in ComprehensiveBoardMigration (server/migrations/comprehensiveBoardMigration.js) where manipulating the boardId argument leads to improper access controls. The issue is remote in nature. A fix is available in WeKan 8.21, with patch identifi...

6.5CVSS6AI score0.00276EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/02/04 11:15 p.m.7 views

CVE-2026-1894

A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization. Remote exploitation of the atta...

6.5CVSS0.00236EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/04 11:2 p.m.24 views

CVE-2026-1895 WeKan Attachment Storage lists.js applyWipLimit ListWIPBleed access control

A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to addre...

6.5CVSS0.00276EPSS
Exploits0References7
Rows per page
Query Builder