Wekan
by Wekan
Source repositories
CVEs (22)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-65779 | 0.00 | — | 0.00 | Dec 15, 2025 | An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Unauthenticated attackers can update a board's "sort" value (Boards.allow returns true without verifying userId), allowing arbitrary reordering of boards. | ||
| CVE-2025-65781 | 0.00 | — | 0.00 | Dec 15, 2025 | An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer DoS and latent identity-spoofing. |
- CVE-2025-65779Dec 15, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Unauthenticated attackers can update a board's "sort" value (Boards.allow returns true without verifying userId), allowing arbitrary reordering of boards.
- CVE-2025-65781Dec 15, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer DoS and latent identity-spoofing.
Page 2 of 2