CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/03/27 12:0 a.m.•5 views

Calibre 代码问题漏洞

Calibre is an open-source, free tool developed by Kovid Goyal, a personal developer in India. It serves as a comprehensive e-book reading management and format conversion tool. Prior to Calibre 9.6.0, there were code-related vulnerabilities. These vulnerabilities stemmed from a server-side reques...

5.5CVSS6AI score0.00173EPSS

RedhatCVE•added 2026/03/26 3:16 p.m.•4 views

CVE-2026-31873

Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...

6.1CVSS6AI score0.00237EPSS

RedhatCVE•added 2026/03/26 3:12 p.m.•4 views

CVE-2026-3534

The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ast-page-background-meta and ast-content-background-meta post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitization on meta registration and missing output escapin...

6.4CVSS6AI score0.00199EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:8 p.m.•3 views

CVE-2026-33312

Vikunja is an open-source self-hosted task management platform. Starting in version 0.20.2 and prior to version 2.2.0, the DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delet...

RedhatCVE•added 2026/03/26 3:7 p.m.•3 views

CVE-2026-20992

Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application...

4.8CVSS5.8AI score0.00084EPSS

Exploits0References1

OSV•added 2026/03/23 6:16 p.m.•3 views

GO-2026-4795 Vikunja read-only users can delete project background images via broken object-level authorization in code.vikunja.io/api

Vikunja read-only users can delete project background images via broken object-level authorization in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positiv...

Github Security Blog•added 2026/03/20 5:25 p.m.•5 views

Exploits1References3

Vikunja read-only users can delete project background images via broken object-level authorization

Summary The DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delete its background image. Details The RemoveProjectBackground handler pkg/modules/background/handler/background.g...

Exploits1References4Affected Software1

Snyk•added 2026/03/20 5:25 p.m.•1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the RemoveProjectBackground process. An attacker can permanently delete background images by sending a DELETE request to the relevant API endpoint with only read-level permissions. Remediation Upgrade...

5.4CVSS6.4AI score0.00211EPSS

EUVD•added 2026/03/20 5:25 p.m.•3 views

EUVD-2026-13708

Vikunja read-only users can delete project background images via broken object-level authorization...

Snyk•added 2026/03/20 5:25 p.m.•4 views

Exploits1References3

Incorrect Authorization

5.4CVSS5.9AI score0.00211EPSS

OSV•added 2026/03/20 5:25 p.m.•3 views

GHSA-564F-WX8X-878H Vikunja read-only users can delete project background images via broken object-level authorization

NVD•added 2026/03/20 3:16 p.m.•4 views

Exploits1References4

CVE-2026-33312

5.4CVSS0.00211EPSS

Cvelist•added 2026/03/20 2:42 p.m.•18 views

CVE-2026-33312 Read-only Vikunja users can delete project background images via broken object-level authorization

5.3CVSS0.00211EPSS

OSV•added 2026/03/20 2:42 p.m.•2 views

CVE-2026-33312 Read-only Vikunja users can delete project background images via broken object-level authorization

5.3CVSS6.4AI score0.00211EPSS

Exploits1References4

Vulnrichment•added 2026/03/20 2:42 p.m.•1 views

CVE-2026-33312 Read-only Vikunja users can delete project background images via broken object-level authorization

ATTACKERKB•added 2026/03/20 2:42 p.m.•1 views

CVE-2026-33312

Exploits1References3Affected Software1

CVE•added 2026/03/20 2:42 p.m.•7 views

CVE-2026-33312

Vikunja open‑source self-hosted task management platform. Affected: versions 0.20.2 through 2.1.x (prior to 2.2.0). Issue: the DELETE /api/v1/projects/:project/background endpoint checks CanRead instead of CanUpdate, allowing any user with read‑only access to a project to permanently delete its b...

Exploits1References2Affected Software1

GitLab Advisory Database•added 2026/03/20 12:0 a.m.•6 views

Vikunja read-only users can delete project background images via broken object-level authorization

The DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delete its background image...