3 matches found
CVE-2026-25568 WeKan < 8.19 allowPrivateOnly Setting Enforcement Bypass
WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement...
EUVD-2024-0061
Malicious code in bioql PyPI...
CVE-2024-6221
CVE-2024-6221 affects corydolphin/flask-cors 4.0.1, where the Access-Control-Allow-Private-Network header can be enabled by default due to an improper access-control configuration. This can allow private network resources to be exposed to external actors. Public-facing advisories (IBM and EU/NVD ...