Lucene search
+L

5 matches found

CVE
CVE
added 4 days ago11 views

CVE-2026-53444

Wekan (open-source Kanban, Meteor-based) prior to v9.32 had missing authorization on OIDC-related Meteor methods (e.g., setCreateOrgFromOidc, setOrgAllFieldsFromOidc, setCreateTeamFromOidc, setTeamAllFieldsFromOidc, boardRoutineOnLogin, groupRoutineOnLogin) in packages/wekan-oidc/oidc_server.js a...

7.6CVSS6.1AI score0.00238EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

CVE-2026-53445 Wekan: Authorization bypass in copyBoard DDP method allows any user to copy private boards

Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan copyBoard Meteor DDP method in server/publications/boards.js copies a board by caller-supplied board ID without checking this.userId, membership, or admin access. Any authenticated user can copy a private board they are not a...

7.1CVSS6.1AI score0.00238EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-60322

Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.32 Description A Server-Side Request Forgery SSRF exists where webhook integration URLs in models/integrations.js are stored from user input and subsequently fetched by server/notifications/outgoing.js. The process...

6.2CVSS6.1AI score0.00286EPSS
Exploits0References5
CNVD
CNVD
added 2017/12/15 12:0 a.m.7 views

Micro Focus Project and Portfolio Management Center Cross-Site Request Forgery Vulnerability

Micro Focus Project and Portfolio Management Center is a suite of project portfolio management software from Micro Focus UK. The software manages hybrid projects by integrating agile tools such as ALM Octane, Agile Manager and CA Rally. A cross-site request forgery vulnerability exists in Micro...

7.3CVSS6.9AI score0.00497EPSS
Exploits0References1
OSV
OSV
added 2017/12/13 1:29 a.m.3 views

CVE-2017-14361

Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack...

7.4CVSS5.8AI score0.01036EPSS
Exploits0References2
Rows per page
Query Builder