Lucene search
+L

142 matches found

NVD
NVD
added 2026/07/02 8:17 p.m.6 views

CVE-2026-59097

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS0.00344EPSS
Exploits0References5
CVE
CVE
added 2026/07/02 7:42 p.m.15 views

CVE-2026-59097

Taiga (software) prior to version 6.10.2 contains a missing authorization vulnerability that lets unauthenticated remote attackers create default due-date records in any project by abusing unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. An arbitrary project id...

6.9CVSS6AI score0.00344EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:42 p.m.7 views

CVE-2026-59097

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS6AI score0.00344EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/02 7:42 p.m.39 views

CVE-2026-59097 Taiga < 6.10.2 - Unauthorized Due-Date Creation via API Viewsets

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS0.00344EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/02 7:42 p.m.8 views

EUVD-2026-41428

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS6AI score0.00344EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 7:42 p.m.4 views

CVE-2026-59097 Taiga < 6.10.2 - Unauthorized Due-Date Creation via API Viewsets

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS6.2AI score0.00344EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/07/02 7:42 p.m.8 views

CVE-2026-59097 Taiga < 6.10.2 - Unauthorized Due-Date Creation via API Viewsets

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS6.2AI score0.00344EPSS
Exploits0References5
OSV
OSV
added 2026/06/12 6:29 p.m.13 views

GHSA-CPWG-X64R-RGWG gorest InMemorySecret2FA race condition allows process crash via concurrent map access (CWE-362)

Vulnerability: CWE-362 — Concurrent Map Access Race Condition in InMemorySecret2FA CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization Affected Component - github.com/pilinux/gorest — Go REST API boilerplate - InMemorySecret2FA — in-memory 2FA secret store...

5.9CVSS6AI score0.00051EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

MiracleLinux 8 : firefox-140.11.0-1.el8_10.ML.1 (AXSA:2026-764:13)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-764:13 advisory. firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component...

9.8CVSS5.7AI score0.00605EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.31 views

PT-2026-45456

FlexRIC v2.0.0 contains reachable assert0 calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decodable E2AP PDU of such a type e.g., E2nodeConfigurationUpdate to crash the near-RT RIC process port...

5.8AI score0.00415EPSS
Exploits0References3
OSV
OSV
added 2026/05/19 12:0 a.m.21 views

ALSA-2026:19353 Important: opentelemetry-collector security update

Collector with the supported components for a AlmaLinux build of OpenTelemetry Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path...

9.1CVSS7AI score0.01557EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.5 views

Foxit PDF Editor < 13.2.4 Multiple Vulnerabilities

According to its version, the Foxit PDF Editor application previously named Foxit PhantomPDF installed on the remote Windows host is prior to 13.2.4. It is, therefore affected by multiple vulnerabilities: - Document structural anomalies caused inconsistencies between page element relationships an...

7.8CVSS6AI score0.00182EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/10 4:5 p.m.30 views

CVE-2026-35599 Vikunja has an Algorithmic Complexity DoS in Repeating Task Handler

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far ...

6.5CVSS0.00347EPSS
Exploits1References4
OSV
OSV
added 2026/04/10 4:5 p.m.2 views

CVE-2026-35599 Vikunja has an Algorithmic Complexity DoS in Repeating Task Handler

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far ...

6.5CVSS6AI score0.00347EPSS
Exploits1References6
Snyk
Snyk
added 2026/04/10 3:34 p.m.3 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the addRepeatIntervalToTime function. An attacker can exhaust server resources and render the application unresponsive by creating tasks with extremely small repeat intervals and due dates far ...

7.1CVSS5.8AI score0.00347EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/10 3:34 p.m.7 views

Vikunja has Algorithmic Complexity DoS in Repeating Task Handler

Summary The addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far in the past, an attacker triggers billions of loop iterations, consuming...

6.5CVSS5.8AI score0.00347EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.5 views

PT-2026-31950

Name of the Vulnerable Software and Affected Versions: Vikunja versions prior to 2.3.0 Description: Vikunja, a self-hosted task management platform, contains an issue where the addRepeatIntervalToTime function uses an inefficient loop. An attacker can create a repeating task with a 1-second...

6.5CVSS5.9AI score0.00347EPSS
Exploits1References9
CISA
CISA
added 2026/03/13 12:0 p.m.10 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-3909link is external Google Skia Out-of-Bounds Write Vulnerability CVE-2026-3910link is external Google Chromium V8 Unspecified Vulnerability These types o...

8.8CVSS5.8AI score0.02EPSS
In wildExploits1References7
CISA
CISA
added 2026/03/09 12:0 p.m.30 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-22054link is external Omnissa Workspace ONE Server-Side Request Forgery CVE-2025-26399link is external SolarWinds Web Help Desk Deserialization of...

9.8CVSS5.8AI score0.97713EPSS
In wildExploits2References8
CISA
CISA
added 2026/01/13 12:0 p.m.16 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-20805link is external Microsoft Windows Information Disclosure Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actor...

5.5CVSS6.6AI score0.05028EPSS
In wildExploits5References6
Rows per page
Query Builder