13 matches found
CVE-2026-25560
WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication...
EUVD-2026-5711
WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers such as boardId, cardId, swimlaneId, and listId are consistent and refer to a coherent card/board relationship, enabling attempts to upload...
PT-2026-6948
Name of the Vulnerable Software and Affected Versions Wekan versions prior to 8.19 Description A flaw exists in Wekan that allows for improper authorization. This issue is related to the setCreateTranslation function within the client/components/settings/translationBody.js file of the Custom...
CVE-2026-25562
WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potentially exposing attachment metadata to unauthorized users...
CVE-2026-25565
CVE-2026-25565 affects WeKan versions prior to 8.19. Affected component: card update API paths. Root cause: authorization check only validates board read access, not write permission, enabling users with read-only roles to perform card updates that should require write access. Impact: unauthorize...
CVE-2026-25563
WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers...
CVE-2026-25561 WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass
WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers such as boardId, cardId, swimlaneId, and listId are consistent and refer to a coherent card/board relationship, enabling attempts to upload...
WeKan 安全漏洞
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.19 contained security vulnerabilities. These vulnerabilities stemmed from the card movement logic, where users could specify target dashboards, lists, or channels without proper authorization checks, an...
PT-2026-6926
Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.19 Description The software contains an insecure direct object reference IDOR in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied...
CVE-2021-41309
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The...
CVE-2021-39118
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected versions are before version 8.19.0...
mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2018-2920
Vulnerability in the Sun ZFS Storage Appliance Kit AK component of Oracle Sun Systems Products Suite subcomponent: API frameworks. The supported version that is affected is Prior to 8.7.19. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols ...