📦 Wekan
by Wekan Project
⚠️ Known Vulnerabilities
This vulnerability allows attackers to upload malicious attachments that are served with HTML content types, enabling cross-site scripting (XSS) attacks within the Wekan application's origin. Attacker...
CVE-2025-65779 is an improper access control vulnerability in Wekan that allows unauthenticated attackers to modify the sort order of boards. This affects all Wekan deployments running versions up to ...
Authenticated users in Wekan versions up to 18.15 can modify their entire user document, including organization/team memberships and account status fields, due to missing server-side authorization che...
This vulnerability in Wekan allows attackers to cause application-layer denial of service (DoS) by sending any non-empty Authorization bearer token to the attachment upload API. The system incorrectly...
This vulnerability in WeKan allows remote attackers to access sensitive information through the Meteor Publication Handler in the cards.js component. It affects all WeKan instances up to version 8.20....
This vulnerability in WeKan allows improper access controls through the Administrative Repair Handler component. Attackers can remotely exploit this flaw to potentially gain unauthorized administrativ...
This CVE describes a missing authorization vulnerability in WeKan's Rules Handler component that allows unauthorized access to functionality. Attackers can exploit this remotely to perform actions wit...
This vulnerability in WeKan allows remote attackers to bypass authorization controls in the custom translation handler. Attackers can manipulate translation settings without proper permissions. All We...
This vulnerability in WeKan versions up to 8.20 allows remote attackers to access sensitive information through the Activity Publication Handler component. The weakness in the activities.js file enabl...
This CVE describes an authorization vulnerability in WeKan's card movement functionality. Users can move cards to boards, lists, or swimlanes without proper authorization checks for the destination, p...
This vulnerability in WeKan allows improper access controls through the REST endpoint, potentially enabling unauthorized access to board data. It affects WeKan installations up to version 8.20. Remote...
This CVE describes an improper access control vulnerability in WeKan's attachment storage component. Attackers can remotely exploit this to access or manipulate attachments they shouldn't have permiss...
This vulnerability in WeKan's attachment migration component allows attackers to bypass access controls and potentially access or manipulate attachments they shouldn't have permission to. It affects a...
This vulnerability in WeKan allows attackers to bypass authorization checks in the REST API by manipulating card/board ID parameters. Remote attackers can potentially access or modify data they should...
CVE-2026-1895 is an improper access control vulnerability in WeKan's attachment storage handler that allows remote attackers to bypass intended restrictions. This affects WeKan versions up to 8.20, po...
An authorization flaw in Wekan's card update handling allows authenticated board members to manipulate vote arrays by adding/removing arbitrary user IDs. This enables vote forgery and unauthorized vot...