5.3
CVE-2026-1963 - WeKan Attachment Storage attachments.js MoveStorageBleed access control
A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. The attack may be launched remotely. Upgrading to version 8.21 mitigates this issue. The patch…
5.3
CVE-2026-1962 - WeKan Attachment Migration attachmentMigration.js AttachmentMigrationBleed access control
A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. The attack may be initiated remotely. Upgrading to version 8.21 is suf…
9.3
CVE-2026-0106 -
In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
5.3
CVE-2025-12131 - Truncated 802.15.4 packet leads to denial of service
A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service.
6.8
CVE-2026-1301 - Out-of-bounds Write in o6 Automation GmbH Open62541
In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory.
