
48 matches found

OSV
added 2026/05/20 7:7 p.m., 2 views

GO-2026-4952 Vikunja vulnerable to Privilege Escalation via Project Reparenting in code.vikunja.io/api

Vikunja vulnerable to Privilege Escalation via Project Reparenting in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CVSS 8.3, AI score 5.8, EPSS 0.00041
Exploits: 1, References: 5
AstraLinux
added 2026/05/20 5:53 a.m., 6 views

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6 – Reparenting the CPUX during PLL CPUX clock rate changes. While changes in the PLL CPUX clock rate when the CPU is running work in the vast majority of cases, occasionally they cause instability. This leads to...

CVSS 5.5, AI score 6.2, EPSS 0.00011
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 1 views

Astra Linux - vulnerability in linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Added a NULL check in BE reparenting. A NULL check was also added to the dpcm_be_reparent API, to handle kernel NULL pointer dereferencing errors. This issue occurred during fuzzing tests...

CVSS 5.5, AI score 6.2, EPSS 0.00011
Exploits: 0, References: 2
Positive Technologies
added 2026/05/20 12:0 a.m., 6 views

PT-2026-42365

Vikunja vulnerable to Privilege Escalation via Project Reparenting in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CVSS 8.3, AI score 5.8, EPSS 0.00041
Exploits: 1, References: 6
AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h616: Reparenting the GPU clock during frequency changes The H616 manual does not indicate that the GPU PLL supports dynamic frequency configuration. Therefore, we must be extra careful when changing the frequency...

CVSS 5.5, AI score 5.7, EPSS 0.00079
Exploits: 0, References: 2
Tenable Nessus
added 2026/04/21 12:0 a.m., 2 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006897)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006897 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change While PLL CPUX clock rate change whe...

CVSS 5.5, AI score 6.9, EPSS 0.00011
Exploits: 0, References: 4
NVD
added 2026/04/10 5:17 p.m., 1 views

CVE-2026-35595

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/projectpermissions.go:139-148 only requires CanWrite on the new parent project when changing parent_project_id. However, Vikunja's permission model uses a recursive CTE that walks up th...

CVSS 8.3, EPSS 0.00041
Exploits: 1, References: 4
Vulnrichment
added 2026/04/10 3:58 p.m., 2 views

CVE-2026-35595 Vikunja Affected by Privilege Escalation via Project Reparenting

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/projectpermissions.go:139-148 only requires CanWrite on the new parent project when changing parent_project_id. However, Vikunja's permission model uses a recursive CTE that walks up th...

CVSS 8.3, AI score 5.8, EPSS 0.00041
Exploits: 1, References: 4
Cvelist
added 2026/04/10 3:58 p.m., 21 views

CVE-2026-35595 Vikunja Affected by Privilege Escalation via Project Reparenting

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/projectpermissions.go:139-148 only requires CanWrite on the new parent project when changing parent_project_id. However, Vikunja's permission model uses a recursive CTE that walks up th...

CVSS 8.3, EPSS 0.00041
Exploits: 1, References: 4
OSV
added 2026/04/10 3:33 p.m., 0 views

GHSA-2VQ4-854F-5C72 Vikunja vulnerable to Privilege Escalation via Project Reparenting

Summary: A user with Write-level access to a project can escalate their permissions to Admin by moving the project under a project they own. After reparenting, the recursive permission CTE resolves ownership of the new parent as Admin on the moved project. The attacker can then delete the project,...

CVSS 8.3, AI score 5.8, EPSS 0.00041
Exploits: 1, References: 6
EUVD
added 2026/04/10 3:33 p.m., 1 views

EUVD-2026-21418

Vikunja vulnerable to Privilege Escalation via Project Reparenting...

CVSS 8.3, AI score 5.8, EPSS 0.00041
Exploits: 1, References: 4
Github Security Blog
added 2026/04/10 3:33 p.m., 2 views

Vikunja vulnerable to Privilege Escalation via Project Reparenting

Summary: A user with Write-level access to a project can escalate their permissions to Admin by moving the project under a project they own. After reparenting, the recursive permission CTE resolves ownership of the new parent as Admin on the moved project. The attacker can then delete the project,...

CVSS 8.3, AI score 5.8, EPSS 0.00041
Exploits: 1, References: 6, Affected Software: 1
Positive Technologies
added 2026/04/10 12:0 a.m., 1 views

PT-2026-31946

Name of the Vulnerable Software and Affected Versions: Vikunja versions prior to 2.3.0. Description: A permission escalation issue exists in Vikunja that allows a user with Write access to a project to escalate their permissions to Admin by moving the project under a project they own. This is due to...

CVSS 8.3, AI score 5.7, EPSS 0.00041
Exploits: 1, References: 10
Tenable Nessus
added 2026/04/08 12:0 a.m., 1 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006809)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006809 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change While PLL CPUX clock rate change whe...

CVSS 5.5, AI score 6.6, EPSS 0.00011
Exploits: 0, References: 4
Tenable Nessus
added 2025/11/05 12:0 a.m., 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988770)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988770 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcm_be_reparent API, to handle...

CVSS 5.5, AI score 6, EPSS 0.00011
Exploits: 0, References: 4
Tenable Nessus
added 2025/10/23 12:0 a.m., 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libqt5-qtbase (SUSE-SU-2025:3723-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3723-1 advisory. Security issues fixed: - CVE-2025-5455: processing of malformed data in qDecodeDataUrl can trigg...

CVSS 8.4, AI score 6.6, EPSS 0.00385
Exploits: 0, References: 7
SUSE Linux
added 2025/10/22 11:22 a.m., 4 views

Security update for libqt5-qtbase

This update for libqt5-qtbase fixes the following issues: Security issues fixed: CVE-2025-5455: processing of malformed data in qDecodeDataUrl can trigger assertion and cause a crash bsc1243958. CVE-2025-30348: complex algorithm used in encodeText in QDom when processing XML data can cause low...

CVSS 6.9, AI score 7.1, EPSS 0.00385
Exploits: 0, References: 8
Tenable Nessus
added 2025/10/07 12:0 a.m., 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986534)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986534 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcm_be_reparent API, to handle...

CVSS 5.5, AI score 6, EPSS 0.00011
Exploits: 0, References: 3
Tenable Nessus
added 2025/10/07 12:0 a.m., 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986756)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986756 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcm_be_reparent API, to handle...

CVSS 5.5, AI score 6, EPSS 0.00011
Exploits: 0, References: 4
Tenable Nessus
added 2025/10/07 12:0 a.m., 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986329)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986329 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcm_be_reparent API, to handle...

CVSS 5.5, AI score 6, EPSS 0.00011
Exploits: 0, References: 3