Lucene search

83 matches found

Cvelist
added 2026/04/10 4:8 p.m. | 21 views

CVE-2026-35601 Vikunja has an iCalendar Property Injection via CRLF in CalDAV Task Output

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying RFC 5545 TEXT value escaping. User-controlled task titles containing CRLF characters break the iCalendar propert...

4.1 CVSS | 0.00032 EPSS
Exploits 1 | References 3
EUVD
added 2026/04/10 3:35 p.m. | 0 views

EUVD-2026-21428

Vikunja has iCalendar Property Injection via CRLF in CalDAV Task Output...

4.1 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits 1 | References 3
OSV
added 2026/04/10 3:35 p.m. | 0 views

GHSA-2G7H-7RQR-9P4R Vikunja has iCalendar Property Injection via CRLF in CalDAV Task Output

Summary: The CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying RFC 5545 TEXT value escaping. User-controlled task titles containing CRLF characters break the iCalendar property boundary, allowing injection of arbitrary iCalendar properties such as...

4.1 CVSS | 5.9 AI score | 0.00032 EPSS
Exploits 1 | References 5
Vulnrichment
added 2026/04/08 10:17 p.m. | 1 views

CVE-2026-3199 Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control...

9.4 CVSS | 6.1 AI score | 0.00088 EPSS
Exploits 0 | References 2
Cvelist
added 2026/04/08 10:17 p.m. | 16 views

CVE-2026-3199 Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control...

9.4 CVSS | 0.00088 EPSS
Exploits 0 | References 2
CVE
added 2026/04/08 10:17 p.m. | 7 views

CVE-2026-3199

CVE-2026-3199 is an authenticated remote code execution flaw in Sonatype Nexus Repository’s task management component, affecting versions 3.22.1 through 3.90.2. An attacker with task creation permissions can bypass nexus.scripts.allowCreation and execute arbitrary code. The connected CVE records ...

9.4 CVSS | 6.1 AI score | 0.00088 EPSS
Exploits 0 | References 2
CNNVD
added 2026/03/04 12:0 a.m. | 2 views

Hono Security Vulnerability

Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.4 contained security vulnerabilities. These vulnerabilities stemmed from the setCookie tool, which did not validate the semicolons, line breaks, or newlines in the domain and path parameters when...

5.4 CVSS | 5.8 AI score | 0.0004 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/11/07 12:0 a.m. | 1 views

Lexmark Printers Denial of Service (CVE-2019-11358)

jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. This can lead to a denial of service, remote code execution, or property injection...

6.1 CVSS | 7.1 AI score | 0.01532 EPSS
Exploits 4 | References 2
Snyk
added 2025/11/05 12:52 a.m. | 1 views

Prototype Pollution

Overview: expr-eval is a mathematical expression evaluator. Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access (IMEMBER) and user-defined functions (IFUNDEF) in the expression evaluator. An attacker can execute arbitrary JavaScript code by providing...

9.8 CVSS | 8.1 AI score | 0.00074 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-1008

Malware in sbrugna...

8.8 CVSS | 8.1 AI score | 0.49565 EPSS
Exploits 1 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0238

Malware in sbrugna...

9.8 CVSS | 9.3 AI score | 0.00437 EPSS
Exploits 1 | References 5
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-4140

Malware in sbrugna...

6.4 CVSS | 9 AI score | 0.00964 EPSS
Exploits 1 | References 23
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-0536

Malware in sbrugna...

7.5 CVSS | 7.3 AI score | 0.06091 EPSS
Exploits 1 | References 8
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-0333

Malware in sbrugna...

9.8 CVSS | 9.2 AI score | 0.02519 EPSS
Exploits 1 | References 6
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2021-7545

Malicious code in bioql PyPI...

8.8 CVSS | 8.6 AI score | 0.004 EPSS
Exploits 1 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-4938

Malicious code in bioql PyPI...

8.8 CVSS | 8.6 AI score | 0.07286 EPSS
Exploits 2 | References 9
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-3844

Malicious code in bioql PyPI...

8.8 CVSS | 8.7 AI score | 0.00235 EPSS
Exploits 1 | References 3
Positive Technologies
added 2025/09/24 12:0 a.m. | 1 views

PT-2025-39323

Name of the Vulnerable Software and Affected Versions: node-cube versions prior to 5.0.0. Description: The node-cube package has an issue in how it initializes the prototype chain, potentially allowing an attacker to add properties to the prototype of built-in objects. This occurs due to insufficien...

6.5 CVSS | 7.3 AI score | 0.00242 EPSS
Exploits 0 | References 7
Tenable Nessus
added 2025/06/16 12:0 a.m. | 5 views

TencentOS Server 4: crun (TSSA-2024:0811)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0811 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.2 CVSS | 7.5 AI score | 0.00369 EPSS
Exploits 0 | References 2
Veracode
added 2025/05/28 3:59 a.m. | 7 views

Prototype Pollution

radashi is vulnerable to prototype pollution. The vulnerability is due to insufficient sanitization of the path argument in the set function, allowing injection of special object properties like __proto__, prototype, or constructor...

8.8 CVSS | 6.9 AI score | 0.02917 EPSS
Exploits 0 | References 2 | Affected Software 1