Lucene search
+L

4 matches found

cvelist
cvelist
added yesterday36 views

CVE-2026-53445 Wekan: Authorization bypass in copyBoard DDP method allows any user to copy private boards

Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan copyBoard Meteor DDP method in server/publications/boards.js copies a board by caller-supplied board ID without checking this.userId, membership, or admin access. Any authenticated user can copy a private board they are not a...

7.1CVSS0.00041EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/02/09 1:33 a.m.5 views

CVE-2026-2205

A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...

5.3CVSS4.7AI score0.00235EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/08 1:9 a.m.9 views

CVE-2026-2207

A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is possible to launch the attack remotely...

6.9CVSS5.3AI score0.00342EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/02/08 12:0 a.m.9 views

PT-2026-6944

Name of the Vulnerable Software and Affected Versions Wekan versions up to 8.20 Description A flaw exists in Wekan that could allow information disclosure. This issue impacts an unspecified part of the server/publications/cards.js file within the Meteor Publication Handler component. The attack c...

5.3CVSS5.3AI score0.00235EPSS
Exploits0References8
Rows per page
Query Builder