Lucene search
K

31 matches found

CVE
CVE
added 2026/03/06 7:35 p.m.12 views

CVE-2026-30846

Wekan versions 8.31.0–8.33 expose all global webhook integrations (including sensitive URL and token fields) via the globalwebhooks publication without server-side access control. Any DDP client, even unauthenticated, can subscribe and receive the data, enabling an attacker to retrieve webhook UR...

8.7CVSS5.7AI score0.00345EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/06 7:35 p.m.35 views

CVE-2026-30846 Wekan Exposes All Global Webhook Integrations through globalwebhooks Publication

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the globalwebhooks publication exposes all global webhook integrations—including sensitive url and token fields—without performing any authentication check on the server side. Although the subscription is...

8.7CVSS0.00345EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/06 7:34 p.m.6 views

EUVD-2026-10064

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to any subscriber...

6.9CVSS5.7AI score0.00291EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/06 7:34 p.m.34 views

CVE-2026-30845 Wekan Exposes Sensitive Data through Lack of Field Filtering During Board Publication

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to any subscriber...

6.9CVSS0.00291EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.6 views

PT-2026-23745

🚨 CVE-2026-30845 Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to a...

8.2CVSS5.7AI score0.00291EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.14 views

PT-2026-23746

🚨 CVE-2026-30846 Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the globalwebhooks publication exposes all global webhook integrations—including sensitive url and token fields—without performing any authentication check on the server side. Although the...

8.7CVSS5.7AI score0.00345EPSS
Exploits0References5
OSV
OSV
added 2025/11/06 11:48 p.m.7 views

GHSA-FV2R-R8MP-PG48 Soft Serve does not sanitize ANSI escape sequences in user input

Impact In several places where the user can insert data e.g. names, ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...

4.6CVSS6.8AI score0.00174EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-5766

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00927EPSS
Exploits0References3
Veracode
Veracode
added 2025/05/29 7:0 a.m.10 views

Server Side Request Forgery (SSRF)

@strapi/admin is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of webhook URLs, allowing requests to internal domains such as localhost and 127.0.0.1...

7.5CVSS6.8AI score0.00483EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 6:50 a.m.11 views

CVE-2019-10459

Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.5AI score0.00927EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/10/23 12:45 p.m.17 views

CVE-2019-10459

Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

6.4AI score0.00927EPSS
Exploits0References2
Rows per page
Query Builder