Lucene search
K

149 matches found

snyk
snyk
added 2026/04/10 3:34 p.m.8 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to improper enforcement of authentication lockout in the login process. An attacker can gain unauthorized access to accounts protected by two-factor authentication by repeatedly submitting incorrect TOTP codes without...

8.2CVSS5.8AI score0.00296EPSS
Exploits1References2
snyk
snyk
added 2026/04/10 3:30 p.m.10 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the OIDC login process when the EmailFallback mechanism is enabled. An attacker can gain unauthorized access to accounts protected by TOTP by authenticating to the OIDC provider with a matching email address,...

9.1CVSS5.8AI score0.00281EPSS
Exploits1References2
euvd
euvd
added 2026/04/10 3:30 p.m.3 views

EUVD-2026-21414

Vikunja has TOTP Two-Factor Authentication Bypass via OIDC Login Path...

7.4CVSS5.8AI score0.00281EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/04/10 12:0 a.m.8 views

PT-2026-31948

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.3.0 Description A flaw exists in Vikunja before version 2.3.0 related to the Time-based One-Time Password TOTP failed-attempt lockout mechanism. A database transaction handling bug prevents the account lockout from...

7.5CVSS5.8AI score0.00296EPSS
Exploits1References9
cnnvd
cnnvd
added 2026/04/10 12:0 a.m.9 views

Vikunja 安全漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.3.0 contained security vulnerabilities. These vulnerabilities stemmed from a failure in the TOTP lock mechanism’s attempt to lock the account due to database transaction processing errors...

7.5CVSS5.8AI score0.00296EPSS
Exploits1References5
nessus
nessus
added 2026/04/10 12:0 a.m.96 views

SonicWall SMA 1000 Series <= 12.4.3-03245 / 12.5.x <= 12.5.0-02283 Multiple Vulnerabilities (SNWLID-2026-0003)

The remote host is a SonicWall SMA 1000 Series device that is affected by multiple vulnerabilities: - A privilege escalation vulnerability due to improper neutralization of special elements used in an SQL command. A remote authenticated attacker with read-only administrator privileges can escalat...

7.2CVSS7.3AI score0.00613EPSS
Exploits0References5
nvd
nvd
added 2026/04/09 3:16 p.m.9 views

CVE-2026-4114

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication...

6.6CVSS0.00597EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/09 2:25 p.m.22 views

CVE-2026-4114

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication...

0.00597EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/08 12:0 a.m.3 views

PT-2026-31395

Name of the Vulnerable Software and Affected Versions SonicWall SMA1000 series appliances affected versions not specified Description A remote attacker can enumerate SSL VPN user credentials due to an observable response discrepancy. Recommendations At the moment, there is no information about a...

7.2CVSS7.1AI score0.00363EPSS
Exploits0References10
susecve
susecve
added 2026/03/28 12:25 a.m.4 views

SUSE CVE-2026-33473

Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...

5.7CVSS5.9AI score0.00258EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/03/26 2:59 p.m.3 views

CVE-2026-31875

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.7 and 8.6.33, when multi-factor authentication MFA via TOTP is enabled for a user account, Parse Server generates two single-use recovery codes. These codes are intended as...

8.2CVSS5.9AI score0.0044EPSS
Exploits0References1
susecve
susecve
added 2026/03/25 12:24 a.m.13 views

SUSE CVE-2026-32246

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending session password verified, TOTP not yet completed to obtain authorization codes. An attacker who knows a user's password but not their TOTP secret can obtain...

8.5CVSS5.9AI score0.0027EPSS
Exploits1References3
nvd
nvd
added 2026/03/24 4:16 p.m.5 views

CVE-2026-33473

Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...

5.7CVSS0.00258EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/03/24 3:18 p.m.4 views

CVE-2026-33473 Vikunja has TOTP Reuse During Validity Window

Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...

5.7CVSS5.8AI score0.00258EPSS
Exploits1References3
cve
cve
added 2026/03/24 3:18 p.m.13 views

CVE-2026-33473

CVE-2026-33473 describes a TOTP reuse vulnerability in Vikunja: any user with 2FA enabled can reuse their TOTP within the standard 30-second window in versions prior to 2.2.1. The issue affects Vikunja 0.13 up to before 2.2.1 and is fixed in 2.2.1. The CVSS 3.1 base score is 5.7 (Medium). Actiona...

5.7CVSS5.8AI score0.00258EPSS
Exploits1References3Affected Software1
cnnvd
cnnvd
added 2026/03/24 12:0 a.m.6 views

Vikunja 授权问题漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. In versions 0.13 to 2.2.1 of Vikunja, there was a vulnerability related to authorization. This vulnerability occurred because users who enabled two-factor authentication could reuse TOTP within the standard 30-second...

5.7CVSS6.4AI score0.00258EPSS
Exploits1References3
snyk
snyk
added 2026/03/23 6:16 p.m.3 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack via the TOTP authentication process. An attacker can bypass authentication controls by reusing a valid TOTP code within its validity window. Remediation Upgrade github.com/go-vikunja/vikunja/pkg/user to version 2.2.1 or...

6.9CVSS5.9AI score0.00258EPSS
Exploits1References3
snyk
snyk
added 2026/03/23 6:16 p.m.2 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack via the TOTP authentication process. An attacker can bypass authentication controls by reusing a valid TOTP code within its validity window. Remediation Upgrade code.vikunja.io/api/pkg/user to version 2.2.1 or higher...

6.9CVSS5.9AI score0.00258EPSS
Exploits1References3
osv
osv
added 2026/03/23 6:16 p.m.4 views

GO-2026-4805 Vikunja has TOTP Reuse During Validity Window in code.vikunja.io/api

Vikunja has TOTP Reuse During Validity Window in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest...

5.7CVSS5.8AI score0.00258EPSS
Exploits1References1
osv
osv
added 2026/03/20 8:43 p.m.4 views

GHSA-P747-QC5P-773R Vikunja has TOTP Reuse During Validity Window

Summary Any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Details The below code is called when a user that has 2FA is authenticating to the application. Once they submit a valid username-password-totp combination, the user gets authenticated...

5.7CVSS5.9AI score0.00258EPSS
Exploits1References5
Rows per page
Query Builder