Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/02/09 1:33 a.m.5 views

CVE-2026-25560

WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication...

9.8CVSS5.4AI score0.00654EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/08 12:30 a.m.4 views

EUVD-2026-5711

WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers such as boardId, cardId, swimlaneId, and listId are consistent and refer to a coherent card/board relationship, enabling attempts to upload...

7.5CVSS5.4AI score0.0028EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.10 views

PT-2026-6948

Name of the Vulnerable Software and Affected Versions Wekan versions prior to 8.19 Description A flaw exists in Wekan that allows for improper authorization. This issue is related to the setCreateTranslation function within the client/components/settings/translationBody.js file of the Custom...

6.5CVSS5.4AI score0.00188EPSS
Exploits0References8
NVD
NVD
added 2026/02/07 10:16 p.m.11 views

CVE-2026-25562

WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potentially exposing attachment metadata to unauthorized users...

5.3CVSS0.00287EPSS
Exploits0References3
CVE
CVE
added 2026/02/07 9:58 p.m.17 views

CVE-2026-25565

CVE-2026-25565 affects WeKan versions prior to 8.19. Affected component: card update API paths. Root cause: authorization check only validates board read access, not write permission, enabling users with read-only roles to perform card updates that should require write access. Impact: unauthorize...

7.1CVSS5.3AI score0.00277EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/07 9:57 p.m.4 views

CVE-2026-25563

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers...

7.1CVSS5.3AI score0.0028EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/07 9:56 p.m.28 views

CVE-2026-25561 WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass

WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers such as boardId, cardId, swimlaneId, and listId are consistent and refer to a coherent card/board relationship, enabling attempts to upload...

7.1CVSS0.0028EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/07 12:0 a.m.9 views

WeKan 安全漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.19 contained security vulnerabilities. These vulnerabilities stemmed from the card movement logic, where users could specify target dashboards, lists, or channels without proper authorization checks, an...

7.1CVSS5.8AI score0.00222EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.7 views

PT-2026-6926

Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.19 Description The software contains an insecure direct object reference IDOR in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied...

7.1CVSS5.4AI score0.0028EPSS
Exploits0References6
OSV
OSV
added 2021/12/08 4:15 a.m.3 views

CVE-2021-41309

Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The...

5.3CVSS5.8AI score0.00804EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/08/30 12:0 a.m.4 views

CVE-2021-39118

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected versions are before version 8.19.0...

5.3CVSS6AI score0.01422EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/09/15 6:30 p.m.4 views

mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS7.3AI score0.02522EPSS
Exploits0References5
OSV
OSV
added 2018/07/18 1:29 p.m.4 views

CVE-2018-2920

Vulnerability in the Sun ZFS Storage Appliance Kit AK component of Oracle Sun Systems Products Suite subcomponent: API frameworks. The supported version that is affected is Prior to 8.7.19. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols ...

7.4CVSS7.2AI score0.01168EPSS
Exploits0References3
Rows per page
Query Builder