CVE-2025-65780

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authenticated users can update their entire user document beyond profile fields, including orgs/teams and loginDisabled, due to missing server-side authorization checks; this enables privileg...

CVE-2025-65779

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Unauthenticated attackers can update a board's "sort" value Boards.allow returns true without verifying userId, allowing arbitrary reordering of boards...

WeKan 安全漏洞

WeKan is a Kanban application from the WeKan open source. A security vulnerability exists in WeKan version 18.15 and earlier, which stems from the fact that uploaded attachments can use an attacker-controlled Content-Type, which could lead to the execution of attacker-supplied HTML or JS...

WeKan 安全漏洞

WeKan is a Kanban application from the WeKan open source. A security vulnerability exists in WeKan versions 18.15 and earlier, which stems from an unauthenticated attacker being able to update the board's sort value, potentially leading to arbitrary reordering...