Количество 3
Количество 3
CVE-2026-25567
WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier.
CVE-2026-25567
WeKan versions prior to 8.19 contain an insecure direct object referen ...
GHSA-9w3f-qqh3-w7fc
WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-25567 WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier. | 0% Низкий | 3 дня назад | |
| CVE-2026-25567 WeKan versions prior to 8.19 contain an insecure direct object referen ... | 0% Низкий | 3 дня назад | |
| GHSA-9w3f-qqh3-w7fc WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier. | 0% Низкий | 3 дня назад |
Уязвимостей на страницу