Lucene search
K

2546 matches found

SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.2 views

SUSE CVE-2026-33473

Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...

5.7CVSS5.9AI score0.00258EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:36 p.m.2 views

CVE-2026-33882

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the markdown preview endpoint could be manipulated to return augmented data from arbitrary fieldtypes. With the users fieldtype specifically, an authenticated control panel user could retriev...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/27 8:36 p.m.5 views

CVE-2026-33882

Statamic CMS vulnerability CVE-2026-33882 affects Statamic versions prior to 5.73.16 and 6.7.2. The issue lies in the markdown preview endpoint, which could be manipulated to return augmented data from arbitrary fieldtypes. In particular, the users fieldtype could be leveraged by an authenticated...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/27 8:36 p.m.4 views

CVE-2026-33882 Statamic's Markdown preview endpoint exposes sensitive user data

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the markdown preview endpoint could be manipulated to return augmented data from arbitrary fieldtypes. With the users fieldtype specifically, an authenticated control panel user could retriev...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References3
OSV
OSV
added 2026/03/27 12:15 p.m.4 views

BIT-GITLAB-2026-2745 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...

8.1CVSS5.9AI score0.00276EPSS
Exploits0References4
OSV
OSV
added 2026/03/26 7:3 p.m.4 views

GHSA-CVH3-23VQ-W7H4 Statamic's Markdown preview endpoint exposes sensitive user data

Impact The markdown preview endpoint could be manipulated to return augmented data from arbitrary fieldtypes. With the users fieldtype specifically, an authenticated control panel user could retrieve sensitive user data including email addresses, encrypted passkey data, and encrypted two-factor...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 5:0 p.m.5 views

CVE-2026-2745

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...

8.1CVSS5.8AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.3 views

CVE-2026-32879

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

4.9CVSS5.8AI score0.00289EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.4 views

CVE-2026-33315

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...

6.9CVSS5.8AI score0.00302EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.5 views

CVE-2026-33473

Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...

5.7CVSS5.8AI score0.00258EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32729

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.8CVSS5.9AI score0.0034EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.6 views

CVE-2026-32133

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...

9.1CVSS5.9AI score0.00505EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15804

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...

6.8CVSS5.8AI score0.00276EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/25 4:34 p.m.24 views

CVE-2026-2745 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...

6.8CVSS0.00276EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 4:34 p.m.21 views

CVE-2026-2745

GitLab CVE-2026-2745 affects GitLab CE/EE versions 7.11 up to 18.8.7, 18.8.x before 18.8.7; 18.9 before 18.9.3; and 18.10 before 18.10.1. The issue allowed an unauthenticated user to bypass WebAuthn two‑factor authentication and gain unauthorized access to user accounts due to inconsistent input ...

8.1CVSS5.8AI score0.00276EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:34 p.m.2 views

CVE-2026-2745

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...

6.8CVSS5.8AI score0.00276EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 4:34 p.m.5 views

CVE-2026-2745 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...

6.8CVSS5.8AI score0.00276EPSS
Exploits0References3
NVD
NVD
added 2026/03/24 4:16 p.m.3 views

CVE-2026-33473

Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...

5.7CVSS0.00258EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/24 3:18 p.m.22 views

CVE-2026-33473 Vikunja has TOTP Reuse During Validity Window

Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...

5.7CVSS0.00258EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/24 3:18 p.m.2 views

CVE-2026-33473

Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...

5.7CVSS5.8AI score0.00258EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder