5202 matches found
CVE-2026-53447
Wekan is open source kanban built with Meteor. Prior to 9.35, the Wekan cloneBoard Meteor method in models/import.js uses caller-supplied sourceBoardId to build a board export through models/exporter.js without invoking canExport or checking source-board membership. Any authenticated user who kno...
CVE-2026-52892
Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan REST handlers in server/models/customFields.js use read-level Authentication.checkBoardAccess instead of write-level Authentication.checkBoardWriteAccess for mutating custom-field routes. A read-only board member can call POST,...
CVE-2026-55234
Wekan (open source Kanban on Meteor) has a cross-board write flaw in versions before 9.37. The DDP update allow rules in server/permissions/cards.js, server/permissions/lists.js, and server/permissions/swimlanes.js validate only the stored boardId and do not verify a new boardId in the update mod...
CVE-2026-53445
CVE-2026-53445 (Wekan) : Affected component is Wekan’s copyBoard DDP publication (server/publications/boards.js). Before version 9.32, the copy operation copied a board by caller-supplied boardId without validating this.userId, membership, or admin access, enabling any authenticated user to copy ...
CVE-2026-52892
Summary: CVE-2026-52892 affects Wekan, an open‑source Kanban app built on Meteor. Before version 9.32, REST handlers in server/models/customFields.js checked read‑level access (Authentication.checkBoardAccess) for mutating custom-field routes, instead of write‑level access (Authentication.checkBo...
CVE-2026-52890
CVE-2026-52890 affects Wekan (open-source Kanban, Meteor-based) before version 9.31. A logged-in board member can insert an attachment via the DDP /attachments/insert method using attacker-controlled versions.original.path and versions.original.storage. The insert rule checks only board write acc...
CVE-2026-58660 Kanboard BoardAjaxController Missing Ownership Check via Drag-and-Drop
Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save method used by the kanban board drag-and-drop endpoint validates the caller's role on the attacker-supplied projectid but never verifies that the supplied taskid actually belongs to that project. Because task identifiers a...
CVE-2026-58660
Kanboard
WordPress Simple Job Board - Unauthorized Data Access
The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetchquickjob function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be...
PT-2026-60318
Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.32 Description REST handlers in server/models/customFields.js use read-level Authentication.checkBoardAccess instead of write-level Authentication.checkBoardWriteAccess for mutating custom-field routes. This allows a...
CVE-2026-59154
Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...
CVE-2026-39903
Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...
CVE-2026-59154 Wekan: Checklist direct DDP updates can write checklist data into private boards
Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...
EUVD-2026-42935
Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...
CVE-2026-13334
The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'stag' parameter in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2026-13334
The Mang Board WP plugin for WordPress is affected by a Reflected Cross-Site Scripting (XSS) vulnerability via the 'stag' parameter in all versions up to and including 2.3.4. The root cause is insufficient input sanitization and output escaping, allowing unauthenticated attackers to cause script ...
CVE-2026-13334 Mang Board WP <= 2.3.4 - Reflected Cross-Site Scripting via 'stag' Parameter
The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'stag' parameter in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PYSEC-2026-524 ReviewBoard and Djblets library are vulnerable to code execution
An eval vulnerability exists in Python Software Foundation Djblets version before 0.6.30 and 0.7.0 before 0.7.19 and Beanbag Review Board before 1.7.15 when parsing JSON requests allowing an attacker to execute arbitrary Python code...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ath11k: pci: fix crash on suspend if board file is not found Mario reported that the kernel crashed during suspension if ath11k could not find the board file: 473.693286 PM: Suspending system s2idle 473.693291 printk: Suspendi...
CVE-2026-54106
The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...