Lucene search
+L

686 matches found

nvd
nvd
added yesterday5 views

CVE-2026-55234

Wekan is open source kanban built with Meteor. Prior to 9.37, Wekan DDP update allow rules in server/permissions/cards.js, server/permissions/lists.js, and server/permissions/swimlanes.js authorize against the stored source boardId and do not validate a new boardId in the update modifier. Any...

8.5CVSS
Exploits0References3
nvd
nvd
added yesterday5 views

CVE-2026-53445

Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan copyBoard Meteor DDP method in server/publications/boards.js copies a board by caller-supplied board ID without checking this.userId, membership, or admin access. Any authenticated user can copy a private board they are not a...

7.1CVSS0.00041EPSS
Exploits0References3
cve
cve
added yesterday10 views

CVE-2026-55234

Wekan (open source Kanban on Meteor) has a cross-board write flaw in versions before 9.37. The DDP update allow rules in server/permissions/cards.js, server/permissions/lists.js, and server/permissions/swimlanes.js validate only the stored boardId and do not verify a new boardId in the update mod...

8.5CVSS6.1AI score
Exploits0References3
cvelist
cvelist
added yesterday37 views

CVE-2026-55234 Wekan: Broken access control: any authenticated user can move their Cards/Lists/Swimlanes into a private board they are not a member of (cross-board write via collection allow rule)

Wekan is open source kanban built with Meteor. Prior to 9.37, Wekan DDP update allow rules in server/permissions/cards.js, server/permissions/lists.js, and server/permissions/swimlanes.js authorize against the stored source boardId and do not validate a new boardId in the update modifier. Any...

8.5CVSS
Exploits0References3
cve
cve
added yesterday9 views

CVE-2026-53447

Wekan (open-source Kanban) contains a vulnerability in the cloneBoard Meteor method prior to version 9.35. The method in models/import.js uses a caller-supplied sourceBoardId to export a board via models/exporter.js without canExport checks or membership verification. As a result, any authenticat...

6.5CVSS6.1AI score0.00026EPSS
Exploits0References3
cvelist
cvelist
added yesterday35 views

CVE-2026-53447 Wekan: `cloneBoard` Meteor method has no authorization check — any user can clone (read) any private board by ID

Wekan is open source kanban built with Meteor. Prior to 9.35, the Wekan cloneBoard Meteor method in models/import.js uses caller-supplied sourceBoardId to build a board export through models/exporter.js without invoking canExport or checking source-board membership. Any authenticated user who kno...

6.5CVSS0.00026EPSS
Exploits0References3
cve
cve
added yesterday10 views

CVE-2026-53445

CVE-2026-53445 (Wekan) : Affected component is Wekan’s copyBoard DDP publication (server/publications/boards.js). Before version 9.32, the copy operation copied a board by caller-supplied boardId without validating this.userId, membership, or admin access, enabling any authenticated user to copy ...

7.1CVSS6.1AI score0.00041EPSS
Exploits0References3
cvelist
cvelist
added yesterday36 views

CVE-2026-53445 Wekan: Authorization bypass in copyBoard DDP method allows any user to copy private boards

Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan copyBoard Meteor DDP method in server/publications/boards.js copies a board by caller-supplied board ID without checking this.userId, membership, or admin access. Any authenticated user can copy a private board they are not a...

7.1CVSS0.00041EPSS
Exploits0References3
ptsecurity
ptsecurity
added yesterday5 views

PT-2026-60323

Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.35 Description The cloneBoard Meteor method in models/import.js fails to invoke the canExport function or verify membership of the source board when using the sourceBoardId variable. This allows an authenticated user...

6.5CVSS6.1AI score0.00026EPSS
Exploits0References5
cvelist
cvelist
added 6 days ago29 views

CVE-2026-59154 Wekan: Checklist direct DDP updates can write checklist data into private boards

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS0.00208EPSS
Exploits0References3
euvd
euvd
added 6 days ago7 views

EUVD-2026-42935

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS6.1AI score0.00208EPSS
Exploits0References3
cve
cve
added 6 days ago9 views

CVE-2026-59154

The CVE affects Wekan (open‑source Kanban) prior to version 9.64. A cross‑board authorization bypass exists in the direct Meteor collection allow rules for Checklists and ChecklistItems: updates are authorized only against the current source doc.cardId and do not inspect destination cardId or boa...

4.3CVSS6.1AI score0.00208EPSS
Exploits0References3
osv
osv
added 6 days ago4 views

CVE-2026-59154 Wekan: Checklist direct DDP updates can write checklist data into private boards

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS6.1AI score0.00208EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/06/05 7:37 p.m.8 views

CVE-2026-3473

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs...

7.1CVSS5.5AI score0.00149EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:36 p.m.8 views

CVE-2026-41418

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint POST /api/access-tokens. When an invalid username/email is provided, the server responds immediately 17ms average. When a val...

5.3CVSS5.5AI score0.00197EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/29 12:0 a.m.15 views

PT-2026-44873

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature id parameter of boards buttons/update feature.php. The feature id value is concatenated directly into SQL statements...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/05/29 12:0 a.m.13 views

Kados R10 GreenBee SQL注入漏洞

Kados R10 GreenBee is a web-based project management and collaboration tool developed by Kados OpenSource. Kados R10 GreenBee has a SQL injection vulnerability. This vulnerability arises from the fact that the featureid parameter in boardsbuttons/updatefeature.php is not cleaned properly, resulti...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/05/29 12:0 a.m.15 views

PT-2026-44872

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release id parameter of boards buttons/update release.php. The release id value is concatenated directly into SQL statements...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References5
osv
osv
added 2026/05/26 1:30 p.m.3 views

GHSA-7PF2-9C95-W332 Mattermost doesn't validate file ownership and access control

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs...

7.1CVSS5.8AI score0.00149EPSS
Exploits0References3
snyk
snyk
added 2026/05/22 1:44 p.m.8 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Boards API when file ownership and access control are not properly validated. An attacker can gain unauthorized access to and download files belonging to other users or teams by...

7.1CVSS5.8AI score0.00149EPSS
Exploits0References2
Rows per page
Query Builder