Lucene search
K

390 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-59154

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS0.00208EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42935

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS6.1AI score0.00208EPSS
Exploits0References3
CVE
CVE
added 4 days ago8 views

CVE-2026-59154

The CVE affects Wekan (open‑source Kanban) prior to version 9.64. A cross‑board authorization bypass exists in the direct Meteor collection allow rules for Checklists and ChecklistItems: updates are authorized only against the current source doc.cardId and do not inspect destination cardId or boa...

4.3CVSS6.1AI score0.00208EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-59154 Wekan: Checklist direct DDP updates can write checklist data into private boards

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS0.00208EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41454

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...

8.7CVSS5.5AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 2:12 p.m.9 views

CVE-2026-41455

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the URL scheme field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network...

8.5CVSS6AI score0.00236EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/23 12:31 a.m.5 views

EUVD-2026-25118

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network...

8.5CVSS6AI score0.00236EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/23 12:31 a.m.3 views

EUVD-2026-25117

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References4
NVD
NVD
added 2026/04/22 10:16 p.m.5 views

CVE-2026-41454

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...

8.7CVSS0.00274EPSS
Exploits0References3
NVD
NVD
added 2026/04/22 10:16 p.m.5 views

CVE-2026-41455

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the URL scheme field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network...

8.5CVSS0.00236EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/22 9:9 p.m.8 views

CVE-2026-41455 WeKan < 8.35 SSRF via Webhook URL

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the URL scheme field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network...

8.5CVSS6AI score0.00236EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/22 9:9 p.m.5 views

CVE-2026-41455

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the URL scheme field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network...

8.5CVSS6AI score0.00236EPSS
Exploits0References4
CVE
CVE
added 2026/04/22 9:9 p.m.11 views

CVE-2026-41455

CVE-2026-41455 affects WeKan

8.5CVSS6AI score0.00236EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/22 9:9 p.m.34 views

CVE-2026-41455 WeKan < 8.35 SSRF via Webhook URL

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the URL scheme field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network...

8.5CVSS0.00236EPSS
Exploits0References3
CVE
CVE
added 2026/04/22 9:8 p.m.10 views

CVE-2026-41454

CVE-2026-41454 affects WeKan

8.7CVSS5.8AI score0.00274EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/22 9:8 p.m.3 views

CVE-2026-41454 WeKan < 8.35 Missing Authorization via Integration REST API

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/22 9:8 p.m.26 views

CVE-2026-41454 WeKan < 8.35 Missing Authorization via Integration REST API

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...

8.7CVSS0.00274EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/22 9:8 p.m.6 views

CVE-2026-41454

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

WeKan 代码问题漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.35 contained code vulnerabilities. These vulnerabilities stemmed from the webhook integration URL processing, where the url pattern field allowed any string without protocol restrictions or target...

8.5CVSS5.9AI score0.00236EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

WeKan 安全漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.35 contained security vulnerabilities. These vulnerabilities stemmed from insufficient authorization checks for Integration REST API endpoints, which could allow authenticated dashboard members to perfo...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References1
Rows per page
Query Builder