2 matches found
Vikunja 安全漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.2.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of SSRF protection in the migration helper functions, which could lead to server-side request forgeing...
CVE-2026-27819
Vikunja prior to 2.0.0 contains a path traversal vulnerability in the CLI restore path. The restore.go logic in go-vikunja/vikunja uses the ZIP entry’s Name directly in os.OpenFile calls without validating paths, allowing a malicious ZIP to escape the intended extraction directory and overwrite a...