15 matches found
CVE-2026-30845
Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to any subscriber...
CVE-2026-30845 Wekan Exposes Sensitive Data through Lack of Field Filtering During Board Publication
Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to any subscriber...
CVE-2026-30845
Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to any subscriber...
PT-2026-23745
🚨 CVE-2026-30845 Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to a...
CVE-2026-25568
WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement...
EUVD-2026-5704
WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement...
CVE-2026-25568 WeKan < 8.19 allowPrivateOnly Setting Enforcement Bypass
WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement...
CVE-2026-25568
WeKan versions prior to 8.19 contain an authorization logic vulnerability where allowPrivateOnly is not sufficiently enforced at board creation time. When the setting is enabled, users can still create public boards due to incomplete server-side enforcement. Affected products/version range: WeKan
EUVD-2023-44236
Malicious code in bioql PyPI...
BIT-MATTERMOST-2023-3586
Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards remaining accessible...
CVE-2023-3586
Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards remaining accessible...
CVE-2023-3586
Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards remaining accessible...
Design/Logic Flaw
Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards remaining accessible...
CVE-2023-3586
Mattermost CVE-2023-3586 describes a flaw where the option Enable Publicly-Shared Boards can be disabled, but existing publicly shared Boards remain accessible. The issue affects the public boards feature in Mattermost; the underlying problem is that disabling the feature does not revoke or disab...
CVE-2023-3586 Disabling publicly-shared boards does not disable existing publicly available board links
Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards remaining accessible...