CVE-2025-65782

Medium CVSS: 6.5

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authorization flaw in card update handling allows board members (and potentially other authenticated users) to add/remove arbitrary user IDs in vote.positive / vote.negative arrays, enabling vote forgery and unauthorized voting.

Vendor

Wekan Project

Product

Wekan

CWE

NVD-CWE-noinfo

Yayın Tarihi

2025-12-15 14:15:57

Güncelleme

2025-12-23 18:08:12

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

NVD-CWE-noinfo Wekan MEDIUM Wekan Project 2025

Referanslar

https://github.com/wekan/wekan https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan--release https://github.com/wekan/wekan/commit/0a1a075f3153e71d9a858576f1c68d2925230d9c https://wekan.fi/hall-of-fame/spacebleed/

Benzer Kayıtlar

Critical

CVE-2026-30844

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forg…

Medium

CVE-2026-30845

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication…

High

CVE-2026-30846

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the globalwebhooks publication e…

Critical

CVE-2026-30847

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the notificationUsers publicatio…

Critical

CVE-2026-30843

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 have a critical Insecure Direct Object Ref…

Medium

CVE-2026-2207

A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/public…