Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
šŸ”„ Daily Hot!
šŸ’ŖšŸ½ CPE Enhanced Advisories
šŸ•¶ Shadow Exploits
šŸ•µšŸ¼ Vulners CPE
šŸ” Security news
šŸ’» Exploit updates
šŸ“‘ Blogs review
šŸ§ Linux vulnerabilities
šŸž Bugbounty
šŸ¤– AI High Score
šŸ“° CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEā€¢added 2026/03/08 1:44 a.m.ā€¢1 views

CVE-2026-30847

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the notificationUsers publication in Wekan publishes user documents with no field filtering, causing the ReactiveCache.getUsers call to return all fields including highly sensitive data such as bcrypt password...

9.3CVSS5.7AI score0.0004EPSS
Exploits0References1
NVD
NVDā€¢added 2026/03/06 8:16 p.m.ā€¢1 views

CVE-2026-30844

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS0.0004EPSS
Exploits0References3
NVD
NVDā€¢added 2026/03/06 8:16 p.m.ā€¢1 views

CVE-2026-30843

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 have a critical Insecure Direct Object Reference IDOR issue which could allow unauthorized users to modify custom fields across boards through its custom fields update endpoints, potentially leading to unauthorized data...

9.3CVSS0.00037EPSS
Exploits0References3
EUVD
EUVDā€¢added 2026/03/06 7:37 p.m.ā€¢2 views

EUVD-2026-10066

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the notificationUsers publication in Wekan publishes user documents with no field filtering, causing the ReactiveCache.getUsers call to return all fields including highly sensitive data such as bcrypt password...

9.3CVSS5.7AI score0.0004EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBā€¢added 2026/03/06 7:30 p.m.ā€¢1 views

CVE-2026-30843

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 have a critical Insecure Direct Object Reference IDOR issue which could allow unauthorized users to modify custom fields across boards through its custom fields update endpoints, potentially leading to unauthorized data...

9.3CVSS5.8AI score0.00037EPSS
Exploits0References4Affected Software1
OSV
OSVā€¢added 2026/03/06 7:30 p.m.ā€¢0 views

CVE-2026-30843 Wekan has Cross-Board IDOR in Custom Fields Update Endpoints

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 have a critical Insecure Direct Object Reference IDOR issue which could allow unauthorized users to modify custom fields across boards through its custom fields update endpoints, potentially leading to unauthorized data...

9.3CVSS5.8AI score0.00037EPSS
Exploits0References5
Positive Technologies
Positive Technologiesā€¢added 2026/03/06 12:0 a.m.ā€¢2 views

PT-2026-23745

šŸšØ CVE-2026-30845 Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to a...

8.2CVSS5.7AI score0.00087EPSS
Exploits0References5
Rows per page
Query Builder