4 matches found
Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect
Summary: When a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — API tokens, CalDAV basic auth, and OpenID Connect — do not verify user status, allowing disabled or locked users to continue...
[SECURITY] Fedora 42 Update: nextcloud-32.0.2-1.fc42
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...
[SECURITY] Fedora 42 Update: nextcloud-31.0.5-1.fc42
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...
PT-2023-24200 · Nextcloud +1 · Nextcloud Calendar +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Calendar app versions prior to 3.5.5; Nextcloud Calendar app versions prior to 4.2.3. Description: The issue concerns the disclosure of internal website paths when the SMTP server is unavailable. This affects the functionality of the...