wekan

Top products

The 15 most recently published vulnerabilities affecting wekan.

• CVE-2026-41455WeKan < 8.35 SSRF via Webhook URL8.5Apr 22, 2026
• CVE-2026-41454WeKan < 8.35 Missing Authorization via Integration REST API8.3Apr 22, 2026
• CVE-2026-30847Wekan Credential Leak via notificationUsers Publication Exposes Password Hashes and Session Tokens6.5Mar 6, 2026
• CVE-2026-30846Wekan Exposes All Global Webhook Integrations through globalwebhooks Publication7.5Mar 6, 2026
• CVE-2026-30845Wekan Exposes Sensitive Data through Lack of Field Filtering During Board Publication8.2Mar 6, 2026
• CVE-2026-30844Wekan Vulnerable to SSRF through Lack of Validation or Filtering in Attachment URL Loading8.1Mar 6, 2026
• CVE-2026-30843Wekan has Cross-Board IDOR in Custom Fields Update Endpoints6.5Mar 6, 2026
• CVE-2026-25859WeKan < 8.20 Migration Functionality Insufficient Permission Checks8.8Feb 7, 2026
• CVE-2026-25568WeKan < 8.19 allowPrivateOnly Setting Enforcement Bypass4.3Feb 7, 2026
• CVE-2026-25567WeKan < 8.19 Card Comment Author Spoofing via User-controlled authorId4.3Feb 7, 2026
• CVE-2026-25566WeKan < 8.19 Cross-board Card Move Without Destination Authorization5.4Feb 7, 2026
• CVE-2026-25565WeKan < 8.19 Read-only Board Roles Can Update Cards6.5Feb 7, 2026
• CVE-2026-25564WeKan < 8.19 Checklist Deletion IDOR via Missing Relationship Validation7.5Feb 7, 2026
• CVE-2026-25563WeKan < 8.19 Checklist Creation Cross-Board IDOR7.5Feb 7, 2026
• CVE-2026-25562WeKan < 8.19 Attachments Publication Information Disclosure4.3Feb 7, 2026