GHSA-P9W9-87C8-M235 Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest

Summary The SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the registered ACS URL smcacsurl stored in the database for the...

CVE-2026-25566 WeKan < 8.19 Cross-board Card Move Without Destination Authorization

WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially...

CVE-2026-25566

The connected documents confirm a concrete vulnerability in WeKan versions prior to 8.19: an authorization flaw in the card move logic allows a user to specify a destination board, list, or swimlane without proper authorization checks and without validating that the destination items belong to th...

CVE-2025-9821

SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causing SSRF. ImpactBypass of firewalls to interact with internal...