2540 matches found

CVE
added 2026/03/24 2:53 p.m., 20 views

CVE-2026-33315

CVE-2026-33315 (Vikunja) is a vulnerability in Vikunja prior to version 2.2.0 where the Caldav endpoint allows login using Basic Authentication. This enables bypass of TOTP on accounts with 2FA enabled, allowing access to protected project information such as name and description. The issue is fi...

CVSS 6.9, AI score 5.8, EPSS 0.00302
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2026/03/24 2:53 p.m., 19 views

CVE-2026-33315 Vikunja has a 2FA Bypass via Caldav Basic Auth

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...

CVSS 6.9, EPSS 0.00302
Exploits: 1, References: 3

OSV
added 2026/03/24 2:53 p.m., 5 views

CVE-2026-33315 Vikunja has a 2FA Bypass via Caldav Basic Auth

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...

CVSS 6.9, AI score 6.3, EPSS 0.00302
Exploits: 1, References: 5

CNNVD
added 2026/03/24 12:0 a.m., 6 views

Vikunja authorization issue vulnerability

Vikunja is an open-source to-do application developed by Vikunja developers. In versions 0.13 to 2.2.1 of Vikunja, there was a vulnerability related to authorization. This vulnerability occurred because users who enabled two-factor authentication could reuse TOTP within the standard 30-second...

CVSS 5.7, AI score 6.4, EPSS 0.00258
Exploits: 1, References: 3

CNNVD
added 2026/03/24 12:0 a.m., 6 views

Vikunja security vulnerability

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from Caldav endpoints allowing login using basic authentication, which could enable users to bypass TOTP accounts that...

CVSS 6.9, AI score 6.4, EPSS 0.00302
Exploits: 1, References: 3

NVD
added 2026/03/23 8:16 p.m., 8 views

CVE-2026-32879

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

CVSS 4.9, EPSS 0.00289
Exploits: 0, References: 1

Vulnrichment
added 2026/03/23 7:24 p.m., 3 views

CVE-2026-32879 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

CVSS 4.9, AI score 5.8, EPSS 0.00289
Exploits: 0, References: 1

CVE
added 2026/03/23 7:24 p.m., 19 views

CVE-2026-32879

CVE-2026-32879 affects New API (LLM gateway/AI asset management). Beginning with version 0.10.0, a logic flaw in the universal secure verification flow lets an authenticated user with a registered passkey satisfy secure verification without completing a WebAuthn assertion. Exploitation status is ...

CVSS 4.9, AI score 5.8, EPSS 0.00289
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/03/23 7:24 p.m., 24 views

CVE-2026-32879 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

CVSS 4.9, EPSS 0.00289
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/23 7:24 p.m., 13 views

CVE-2026-32879

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

CVSS 4.9, AI score 5.8, EPSS 0.00289
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/03/23 7:24 p.m., 5 views

CVE-2026-32879 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

CVSS 4.9, AI score 6.4, EPSS 0.00289
Exploits: 0, References: 3

EUVD
added 2026/03/23 6:30 p.m., 3 views

EUVD-2026-14459

A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of the component Password Login. The manipulation leads to improper authentication. The attack is...

CVSS 6.3, AI score 5.1, EPSS 0.00348
Exploits: 0, References: 5

OSV
added 2026/03/23 6:16 p.m., 2 views

GO-2026-4794 Vikunja has a 2FA Bypass via Caldav Basic Auth in code.vikunja.io/api

Vikunja has a 2FA Bypass via Caldav Basic Auth in code.vikunja.io/api...

CVSS 6.9, AI score 5.8, EPSS 0.00302
Exploits: 1, References: 2

NVD
added 2026/03/23 4:16 p.m., 5 views

CVE-2026-33488

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the createKeys function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the...

CVSS 8.1, EPSS 0.00251
Exploits: 1, References: 2

Cvelist
added 2026/03/23 3:56 p.m., 27 views

CVE-2026-4592 kalcaddle kodbox Password Login index.class.php tfaVerify improper authentication

A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of the component Password Login. The manipulation leads to improper authentication. The attack is...

CVSS 6.3, EPSS 0.00348
Exploits: 0, References: 4

Cvelist
added 2026/03/23 3:23 p.m., 22 views

CVE-2026-33488 AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the createKeys function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the...

CVSS 7.4, EPSS 0.00251
Exploits: 1, References: 2

ATTACKERKB
added 2026/03/23 3:23 p.m., 5 views

CVE-2026-33488

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the createKeys function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the...

CVSS 7.4, AI score 5.7, EPSS 0.00251
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2026/03/23 3:23 p.m., 10 views

CVE-2026-33488

WWBN AVideo CVE-2026-33488 affects versions up to 26.0 where the LoginControl plugin’s PGP 2FA key generation uses 512-bit RSA keys. The 512-bit modulus is factorable and, if an attacker obtains a user’s public key, can be factored on commodity hardware to derive the private key and decrypt 2FA c...

CVSS 8.1, AI score 5.7, EPSS 0.00251
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2026/03/23 3:23 p.m., 5 views

CVE-2026-33488 AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the createKeys function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the...

CVSS 7.4, AI score 5.8, EPSS 0.00251
Exploits: 1, References: 4

CNNVD
added 2026/03/23 12:0 a.m., 9 views

WWBN AVideo cryptographic issue vulnerability

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained vulnerabilities related to encryption. These vulnerabilities stemmed from the use of weak RSA keys and the lack of authentication at the endpoint, which could lead...

CVSS 8.1, AI score 5.8, EPSS 0.00251
Exploits: 1, References: 2