Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Unauthenticated attackers can update a board's "sort" value (Boards.allow returns true without
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authorization flaw in card update handling allows board members (and potentially other authent
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authenticated users can update their entire user document (beyond profile fields), including o
A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.ca
WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPriva
CVE-2026-30843
CRITICAL CVSS 9.3
Find Similar
Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 have a critical Insecure Direct Object Reference (IDOR) issue which could allow unauthorized users to modify custom fields
WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination a
Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering,
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type (text/html), allowing
A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Rem
A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipu
WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users wit
A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId
Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the globalwebhooks publication exposes all global webhook integrations—including sensitive url and token fields—
A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Perform
A vulnerability has been found in WeKan up to 8.20. Affected by this vulnerability is the function ComprehensiveBoardMigration of the file server/migrations/comprehensiveBoardMigration.js of the compo
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users
A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translatio
CVE-2026-30844
CRITICAL CVSS 9.3
Find Similar
Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery (SSRF) via attachment URL loading. During board import in Wekan, attachment
A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a
Page 1+ Next →