Lucene search
K

15 matches found

NVD
NVD
added 2026/03/06 8:16 p.m.5 views

CVE-2026-30845

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to any subscriber...

8.2CVSS0.00291EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/06 7:34 p.m.33 views

CVE-2026-30845 Wekan Exposes Sensitive Data through Lack of Field Filtering During Board Publication

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to any subscriber...

6.9CVSS0.00291EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/06 7:34 p.m.4 views

CVE-2026-30845

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to any subscriber...

6.9CVSS5.7AI score0.00291EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.6 views

PT-2026-23745

🚨 CVE-2026-30845 Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to a...

8.2CVSS5.7AI score0.00291EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/09 1:33 a.m.6 views

CVE-2026-25568

WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement...

7.1CVSS5.3AI score0.0019EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/08 12:30 a.m.5 views

EUVD-2026-5704

WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement...

7.1CVSS5.4AI score0.0019EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/07 9:59 p.m.3 views

CVE-2026-25568 WeKan < 8.19 allowPrivateOnly Setting Enforcement Bypass

WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement...

7.1CVSS5.5AI score0.0019EPSS
Exploits0References3
CVE
CVE
added 2026/02/07 9:59 p.m.10 views

CVE-2026-25568

WeKan versions prior to 8.19 contain an authorization logic vulnerability where allowPrivateOnly is not sufficiently enforced at board creation time. When enablement is active, users can still create public boards due to incomplete server-side enforcement. Affected products/version range: WeKan

7.1CVSS5.4AI score0.0019EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-44236

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 11:0 a.m.11 views

BIT-MATTERMOST-2023-3586

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible...

5.4CVSS4.8AI score0.00234EPSS
Exploits0References2
NVD
NVD
added 2023/07/17 4:15 p.m.17 views

CVE-2023-3586

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible...

5.4CVSS0.00234EPSS
Exploits0References1
OSV
OSV
added 2023/07/17 4:15 p.m.16 views

CVE-2023-3586

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible...

5.4CVSS7.1AI score
Exploits0References1
Prion
Prion
added 2023/07/17 4:15 p.m.13 views

Design/Logic Flaw

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible...

5.5CVSS5.5AI score0.00234EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/17 3:25 p.m.43 views

CVE-2023-3586

Mattermost CVE-2023-3586 describes a flaw where the option Enable Publicly-Shared Boards can be disabled, but existing publicly shared Boards remain accessible. The issue affects the public boards feature in Mattermost; the underlying problem is that disabling the feature does not revoke or disab...

5.4CVSS4.8AI score0.00234EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/17 3:25 p.m.14 views

CVE-2023-3586 Disabling publicly-shared boards does not disable existing publicly available board links

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible...

4.2CVSS6.8AI score0.00234EPSS
Exploits0References1
Rows per page
Query Builder