| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41455 | WeKan < 8.35 SSRF via Webhook URL | wekan | wekan | High | 8.5 | 2026-04-22 21:09:30 | Deep Dive |
| CVE-2026-41454 | WeKan < 8.35 Missing Authorization via Integration REST API | wekan | wekan | High | 8.3 | 2026-04-22 21:08:39 | Deep Dive |
| CVE-2026-30847 | Wekan Credential Leak via notificationUsers Publication Exposes Password Hashes and Session Tokens | Wekan | Wekan | Medium | - | 2026-03-06 19:37:19 | Deep Dive |
| CVE-2026-30846 | Wekan Exposes All Global Webhook Integrations through globalwebhooks Publication | Wekan | Wekan | Medium | - | 2026-03-06 19:36:00 | Deep Dive |
| CVE-2026-30845 | Wekan Exposes Sensitive Data through Lack of Field Filtering During Board Publication | Wekan | Wekan | Medium | - | 2026-03-06 19:34:29 | Deep Dive |
| CVE-2026-30844 | Wekan Vulnerable to SSRF through Lack of Validation or Filtering in Attachment URL Loading | Wekan | Wekan | Medium | - | 2026-03-06 19:33:06 | Deep Dive |
| CVE-2026-30843 | Wekan has Cross-Board IDOR in Custom Fields Update Endpoints | Wekan | Wekan | Medium | - | 2026-03-06 19:30:38 | Deep Dive |
| CVE-2026-2209 | WeKan Custom Translation translationBody.js setCreateTranslation improper authorization | - | WeKan | Medium | 6.3 | 2026-02-08 01:14:34 | Deep Dive |
| CVE-2026-2208 | WeKan Rules rules.js RulesBleed authorization | - | WeKan | Medium | 4.3 | 2026-02-08 01:09:42 | Deep Dive |
| CVE-2026-2207 | WeKan Activity Publication activities.js LinkedBoardActivitiesBleed information disclosure | - | WeKan | Medium | 5.3 | 2026-02-08 01:09:39 | Deep Dive |
| CVE-2026-2206 | WeKan Administrative Repair fixDuplicateLists.js FixDuplicateBleed access control | - | WeKan | Medium | 6.3 | 2026-02-08 01:09:36 | Deep Dive |
| CVE-2026-2205 | WeKan Meteor Publication cards.js CardPubSubBleed information disclosure | - | WeKan | Medium | 4.3 | 2026-02-08 01:09:33 | Deep Dive |
| CVE-2026-25859 | WeKan < 8.20 Migration Functionality Insufficient Permission Checks | WeKan | WeKan | - | - | 2026-02-07 21:59:42 | Deep Dive |
| CVE-2026-25568 | WeKan < 8.19 allowPrivateOnly Setting Enforcement Bypass | WeKan | WeKan | - | - | 2026-02-07 21:59:14 | Deep Dive |
| CVE-2026-25567 | WeKan < 8.19 Card Comment Author Spoofing via User-controlled authorId | WeKan | WeKan | - | - | 2026-02-07 21:58:54 | Deep Dive |
| CVE-2026-25566 | WeKan < 8.19 Cross-board Card Move Without Destination Authorization | WeKan | WeKan | - | - | 2026-02-07 21:58:33 | Deep Dive |
| CVE-2026-25565 | WeKan < 8.19 Read-only Board Roles Can Update Cards | WeKan | WeKan | - | - | 2026-02-07 21:58:13 | Deep Dive |
| CVE-2026-25564 | WeKan < 8.19 Checklist Deletion IDOR via Missing Relationship Validation | WeKan | WeKan | - | - | 2026-02-07 21:57:51 | Deep Dive |
| CVE-2026-25563 | WeKan < 8.19 Checklist Creation Cross-Board IDOR | WeKan | WeKan | - | - | 2026-02-07 21:57:32 | Deep Dive |
| CVE-2026-25562 | WeKan < 8.19 Attachments Publication Information Disclosure | WeKan | WeKan | - | - | 2026-02-07 21:57:12 | Deep Dive |