CVE-2026-35595 Vikunja Affected by Privilege Escalation via Project Reparenting

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/projectpermissions.go:139-148 only requires CanWrite on the new parent project when changing parentprojectid. However, Vikunja's permission model uses a recursive CTE that walks up th...

PT-2025-47243

Name of the Vulnerable Software and Affected Versions Post Type Switcher plugin for WordPress versions up to and including 4.0.0 Description The software contains an Insecure Direct Object Reference issue because of missing validation on a user-controlled key. Authenticated attackers with...