CVE-2026-2207

A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is possible to launch the attack remotely...

CVE-2026-2207

WeKan up to 8.20 contains a vulnerability in the Activity Publication Handler, specifically in processing of the file server/publications/activities.js. A manipulation of this component can lead to information disclosure and is exploitable remotely. The issue is addressed by upgrading to version ...

CVE-2026-2205 WeKan Meteor Publication cards.js CardPubSubBleed information disclosure

A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...

CVE-2026-1894

A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization. Remote exploitation of the atta...

CVE-2026-1963 WeKan Attachment Storage attachments.js MoveStorageBleed access control

A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. The attack may be launched remotely. Upgrading to version 8.21 mitigates this issue. The pat...

CVE-2026-1962 WeKan Attachment Migration attachmentMigration.js AttachmentMigrationBleed access control

A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. The attack may be initiated remotely. Upgrading to version 8.21 is...

CVE-2026-1895

A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to addre...

CVE-2026-1894

A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization. Remote exploitation of the atta...

CVE-2026-1892

A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched...

PT-2026-6074

Name of the Vulnerable Software and Affected Versions WeKan versions up to 8.20 Description A flaw exists in WeKan, specifically within the Attachment Storage Handler component. The issue resides in the applyWipLimit function located in the models/lists.js file. Exploitation of this flaw can lead...

Open-Xchange App Suite 安全漏洞

Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite version 8.21 and prior versions, which stems from the presence of a cross-site scripting XSS vulnerability that could allow an attacker to...

Atlassian Jira 8.21.x < 8.22.4 Server-Side Request Forgery

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 8.0.x prior to 8.13.22, 8.14.x prior to 8.20.10 or 8.21.x prior to 8.21.4. It is, therefore, affected by a vulnerability allowing a remote, authenticated user including a user who join...

ALZip MIM File Processing Buffer Overflow Vulnerability

This host has ALZip installed and is prone to buffer overflow vulnerability. Vulnerabilities Insight: The flaw is due to an error in libETC.dll when processing the 'filename' field within MIM files. OpenVAS Vulnerabilities Test $Id: gbalzipmimbofvuln.nasl 6969 2017-08-21 05:56:59Z asteins $ ALZip...

ALZip <= 8.21 MIM File Processing Buffer Overflow Vulnerability

ALZip is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ALZip vulnerable to buffer overflow

Overview ALZip provided by ESTsoft Japan Corp. contains a buffer overflow vulnerability. ALZip is a file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files. Takahiko Funakubo of Fourteenforty Research...