13159 matches found
Vikjuna Bypasses Webhook SSRF Protections During OpenID Connect Avatar Download
Summary The DownloadImage function in pkg/utils/avatar.go uses a bare http.Client with no SSRF protection when downloading user avatar images from the OpenID Connect picture claim URL. An attacker who controls their OIDC profile picture URL can force the Vikunja server to make HTTP GET requests t...
GHSA-G9XJ-752Q-XH63 Vikjuna Bypasses Webhook SSRF Protections During OpenID Connect Avatar Download
Summary The DownloadImage function in pkg/utils/avatar.go uses a bare http.Client with no SSRF protection when downloading user avatar images from the OpenID Connect picture claim URL. An attacker who controls their OIDC profile picture URL can force the Vikunja server to make HTTP GET requests t...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the DownloadImage function when processing user avatar URLs from OpenID Connect authentication. An attacker can cause the server to make arbitrary HTTP requests to internal or cloud metadata endpoint...
EUVD-2026-14923
Vikjuna Bypasses Webhook SSRF Protections During OpenID Connect Avatar Download...
GHSA-94XM-JJ8X-3CR4 Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect
Summary When a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — API tokens, CalDAV basic auth, and OpenID Connect — do not verify user status, allowing disabled or locked users to continue...
Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect
Summary When a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — API tokens, CalDAV basic auth, and OpenID Connect — do not verify user status, allowing disabled or locked users to continue...
EUVD-2026-14913
Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization in the authentication process. An attacker can maintain unauthorized access to resources by using valid API tokens, CalDAV credentials, or OpenID Connect authentication even after the account has been disabled or...
GHSA-8G29-8XWR-QMHR @grackle-ai/server JSON.parse lacks try-catch logic in its gRPC Service AdapterConfig Handling
Impact JSON.parseenv.adapterConfig is called without error handling in three locations within the gRPC service. While the data originates from the server's own SQLite database and should always be valid JSON, database corruption, migration errors, or unexpected state could cause an unhandled...
@grackle-ai/server JSON.parse lacks try-catch logic in its gRPC Service AdapterConfig Handling
Impact JSON.parseenv.adapterConfig is called without error handling in three locations within the gRPC service. While the data originates from the server's own SQLite database and should always be valid JSON, database corruption, migration errors, or unexpected state could cause an unhandled...
CVE-2026-27656 Account Takeover via Substring Matching in OpenID Connect Authentication
Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to properly validate user identity in the OpenID IsSameUser comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user...
CVE-2026-27656
Mattermost contains a vulnerability (CVE-2026-27656) where versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, and 10.11.x
EUVD-2025-208981
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery CSRF vulnerability which, if exploited, can lead to unauthorized modification of certain information...
EUVD-2025-208983
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting XSS vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information...
EUVD-2025-208979
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information...
CVE-2025-27260
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information...
CVE-2025-40842
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting XSS vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information...
CVE-2025-40841
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery CSRF vulnerability which, if exploited, can lead to unauthorized modification of certain information...
CVE-2025-40842
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting XSS vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information...
CVE-2025-40842 Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting XSS vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information...