6 matches found
EUVD-2025-203372
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer Do...
EUVD-2025-203375
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Unauthenticated attackers can update a board's "sort" value Boards.allow returns true without verifying userId, allowing arbitrary reordering of boards...
CVE-2025-65779
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Unauthenticated attackers can update a board's "sort" value Boards.allow returns true without verifying userId, allowing arbitrary reordering of boards...
CVE-2025-65781
Wekan up to v18.15 contains an issue in the Attachment Upload API where the Authorization Bearer value is treated as a userId, causing a non-terminating body-handling path for any non-empty bearer token. This leads to an application-layer DoS and latent identity-spoofing. The vulnerability affect...
PT-2025-51218
Name of the Vulnerable Software and Affected Versions Wekan versions prior to 18.16 Description An issue exists in Wekan, an open-source kanban board system, where unauthenticated attackers can modify a board's "sort" value. The Boards.allow function does not verify the user ID, enabling...
PT-2025-51220
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer Do...