Vulnerabilities in WeKan
17 results

CVE-2026-25560 | HIGH | WeKan < 8.19 LDAP Authentication Filter Injection | EPSS 0.7%
CVE-2026-30846 | HIGH | Wekan Exposes All Global Webhook Integrations through globalwebhooks Publication | EPSS 0.3%
CVE-2026-25859 | HIGH | WeKan < 8.20 Migration Functionality Insufficient Permission Checks | EPSS 0.3%
CVE-2026-30845 | MEDIUM | Wekan Exposes Sensitive Data through Lack of Field Filtering During Board Publication | EPSS 0.3%
CVE-2026-25562 | MEDIUM | WeKan < 8.19 Attachments Publication Information Disclosure | EPSS 0.3%
CVE-2026-25563 | HIGH | WeKan < 8.19 Checklist Creation Cross-Board IDOR | EPSS 0.3%
CVE-2026-25564 | HIGH | WeKan < 8.19 Checklist Deletion IDOR via Missing Relationship Validation | EPSS 0.3%
CVE-2026-25561 | HIGH | WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass | EPSS 0.3%
CVE-2026-25565 | HIGH | WeKan < 8.19 Read-only Board Roles Can Update Cards | EPSS 0.3%
CVE-2026-41454 | HIGH | WeKan < 8.35 Missing Authorization via Integration REST API | EPSS 0.3%
CVE-2026-25567 | MEDIUM | WeKan < 8.19 Card Comment Author Spoofing via User-controlled authorId | EPSS 0.2%
CVE-2026-41455 | MEDIUM | WeKan < 8.35 SSRF via Webhook URL | EPSS 0.2%
CVE-2026-30844 | CRITICAL | Wekan Vulnerable to SSRF through Lack of Validation or Filtering in Attachment URL Loading | EPSS 0.2%
CVE-2026-30847 | CRITICAL | Wekan Credential Leak via notificationUsers Publication Exposes Password Hashes and Session Tokens | EPSS 0.2%
CVE-2026-25566 | HIGH | WeKan < 8.19 Cross-board Card Move Without Destination Authorization | EPSS 0.2%
CVE-2026-30843 | CRITICAL | Wekan has Cross-Board IDOR in Custom Fields Update Endpoints | EPSS 0.2%
CVE-2026-25568 | HIGH | WeKan < 8.19 allowPrivateOnly Setting Enforcement Bypass | EPSS 0.2%