CVE-2026-30844

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

CVE-2026-30843 Wekan has Cross-Board IDOR in Custom Fields Update Endpoints

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 have a critical Insecure Direct Object Reference IDOR issue which could allow unauthorized users to modify custom fields across boards through its custom fields update endpoints, potentially leading to unauthorized data...

PT-2026-23745

🚨 CVE-2026-30845 Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to a...

WeKan 安全漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions 8.32 and 8.33 of WeKan contain security vulnerabilities. These vulnerabilities stem from insecure direct object references, which could allow unauthorized users to modify custom fields across dashboards...

PT-2023-14564 · Kioware · Kioware

Name of the Vulnerable Software and Affected Versions: KioWare versions through 8.33 Description: The issue allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code because KioWare sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin. Recommendations: Fo...