9 matches found
PT-2026-33455
Name of the Vulnerable Software and Affected Versions: libvips versions prior to 8.19
Description: A heap-based buffer overflow exists in the nip2 Handler component within the im_minpos_vec function of the file libvips/deprecated/vips7compat.c. This issue occurs when the argument n is manipulated,...
EUVD-2026-5707
WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that should require write access...
EUVD-2026-5704
WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement...
CVE-2026-25568
WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement...
CVE-2026-25562
CVE-2026-25562 affects WeKan versions prior to 8.19. Multiple connected sources (PT-2026-6925, Red Hat, NVD/NVD-linked entries) describe an information disclosure where attachment metadata can be returned without proper scoping to boards/cards accessible to the user. Root cause: the system does n...
PT-2026-6923
Name of the Vulnerable Software and Affected Versions: WeKan versions prior to 8.19
Description: The software contains an LDAP filter injection issue in LDAP authentication. User-supplied input from the username is used in LDAP search filters and DN-related values without proper escaping. This allo...
PT-2026-6929
Name of the Vulnerable Software and Affected Versions: WeKan versions prior to 8.19
Description: An authorization issue exists in the card move logic of the software. A user can define a destination board, list, or swimlane without sufficient authorization verification for the destination. The syst...
PT-2026-6930
Name of the Vulnerable Software and Affected Versions: WeKan versions prior to 8.19
Description: WeKan contains an insecure direct object reference (IDOR) in the card comment creation API. The API endpoint accepts an authorId from the request body, which allows an authenticated user to spoof the...
PT-2026-6931
Name of the Vulnerable Software and Affected Versions: WeKan versions prior to 8.19
Description: An authorization issue exists in WeKan where the allowPrivateOnly instance configuration setting is not fully enforced during board creation. When allowPrivateOnly is enabled, users are still able to...