5 matches found
CVE-2026-53444
Wekan (open-source Kanban, Meteor-based) prior to v9.32 had missing authorization on OIDC-related Meteor methods (e.g., setCreateOrgFromOidc, setOrgAllFieldsFromOidc, setCreateTeamFromOidc, setTeamAllFieldsFromOidc, boardRoutineOnLogin, groupRoutineOnLogin) in packages/wekan-oidc/oidc_server.js a...
CVE-2026-53445 Wekan: Authorization bypass in copyBoard DDP method allows any user to copy private boards
Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan copyBoard Meteor DDP method in server/publications/boards.js copies a board by caller-supplied board ID without checking this.userId, membership, or admin access. Any authenticated user can copy a private board they are not a...
PT-2026-60322
Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.32 Description A Server-Side Request Forgery SSRF exists where webhook integration URLs in models/integrations.js are stored from user input and subsequently fetched by server/notifications/outgoing.js. The process...
Micro Focus Project and Portfolio Management Center Cross-Site Request Forgery Vulnerability
Micro Focus Project and Portfolio Management Center is a suite of project portfolio management software from Micro Focus UK. The software manages hybrid projects by integrating agile tools such as ALM Octane, Agile Manager and CA Rally. A cross-site request forgery vulnerability exists in Micro...
CVE-2017-14361
Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack...