
9 matches found

OSV
added 2026/03/24 3:30 p.m. | views: 1

CVE-2026-33668 Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect

Vikunja is an open-source self-hosted task management platform. Starting in version 0.18.0 and prior to version 2.2.1, when a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — API tokens, CalDAV...

CVSS 7.1 | AI score 6.3 | EPSS 0.00107
Exploits: 1 | References: 8

Cvelist
added 2026/03/24 3:30 p.m. | views: 15

CVE-2026-33668 Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect

Vikunja is an open-source self-hosted task management platform. Starting in version 0.18.0 and prior to version 2.2.1, when a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — API tokens, CalDAV...

CVSS 7.1 | EPSS 0.00107
Exploits: 1 | References: 6

CVE
added 2026/03/24 2:53 p.m. | views: 8

CVE-2026-33315

The connected GitHub Advisory (GHSA-47CR-F226-R4PQ) documents a 2FA bypass in Vikunja via Caldav Basic Authentication. It shows the Caldav login flow can authenticate with Basic Auth before 2FA checks, allowing access to project information (e.g., project name/description) for 2FA-enabled account...

CVSS 6.9 | AI score 5.8 | EPSS 0.00112
Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/03/24 12:0 a.m. | views: 3

PT-2026-27445

Name of the Vulnerable Software and Affected Versions: Vikunja versions 0.18.0 through 2.2.0. Description: Vikunja is a self-hosted task management platform. When a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. The API tokens,...

CVSS 8.1 | AI score 5.8 | EPSS 0.00107
Exploits: 1 | References: 11

GitLab Advisory Database
added 2026/03/20 12:0 a.m. | views: 6

Vikunja has a 2FA Bypass via Caldav Basic Auth

The Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be protected behind 2FA if enabled, such as project name, description, etc...

CVSS 6.9 | AI score 5.8 | EPSS 0.00112
Exploits: 1 | References: 6 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | views: 1

EUVD-2016-1830

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.00413
Exploits: 0 | References: 2

NVD
added 2019/08/01 4:15 p.m. | views: 13

CVE-2016-10836

cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav SEC-108...

CVSS 6.5 | AI score 6.7 | EPSS 0.00413
Exploits: 0 | References: 1

CVE
added 2019/08/01 3:51 p.m. | views: 39

CVE-2016-10836

CVE-2016-10836 affects cPanel prior to version 55.9999.141. The vulnerability allows arbitrary file-read operations during authentication with CalDAV. The issue is confirmed in multiple sources (NVD entry and Red Hat/CVE pages). Affected software: cPanel before 55.9999.141. Root cause: improper f...

CVSS 6.5 | AI score 6.7 | EPSS 0.00413
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/08/01 3:51 p.m. | views: 12

CVE-2016-10836

cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav SEC-108...

AI score 6.7 | EPSS 0.00413
Exploits: 0 | References: 1