CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

Cvelist•added 2026/03/24 3:16 p.m.•18 views

CVE-2026-33336 Vikunja Desktop vulnerable to Remote Code Execution via same-window navigation

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...

6.5CVSS0.01115EPSS

Exploits1References2

Vulnrichment•added 2026/03/24 3:16 p.m.•2 views

CVE-2026-33336 Vikunja Desktop vulnerable to Remote Code Execution via same-window navigation

6.5CVSS6.8AI score0.01115EPSS

Exploits1References2

EUVD•added 2026/03/24 3:16 p.m.•5 views

EUVD-2026-14911

6.5CVSS6.8AI score0.01115EPSS

Exploits1References2

EUVD•added 2026/03/24 3:7 p.m.•2 views

EUVD-2026-14909

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...

6.4CVSS5.9AI score0.00248EPSS

Exploits1References2

ATTACKERKB•added 2026/03/24 3:7 p.m.•2 views

CVE-2026-33335

6.4CVSS5.9AI score0.00248EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/03/24 3:2 p.m.•20 views

CVE-2026-33334 Vikunja Desktop: Any frontend XSS escalates to Remote Code Execution due to nodeIntegration

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

6.5CVSS0.00385EPSS

Exploits0References2

EUVD•added 2026/03/24 3:2 p.m.•2 views

EUVD-2026-14907

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

6.5CVSS6.4AI score0.00385EPSS

Exploits0References2

CVE•added 2026/03/24 3:2 p.m.•15 views

CVE-2026-33334

Summary (CVE-2026-33334): Vikunja Desktop Electron wrapper prior to 2.2.0 enables nodeIntegration in the renderer without contextIsolation or sandbox, turning any web frontend XSS into full remote code execution on the victim’s machine. Affected range: Vikunja 0.21.0 through 2.1.x (up to

9.6CVSS6.4AI score0.00385EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/03/24 12:0 a.m.•3 views

Vikunja 代码注入漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 0.21.0 to 2.2.0 contained a code injection vulnerability. This vulnerability occurred because the Vikunja Desktop Electron wrapper enabled nodeIntegration in the main BrowserWindow without any...

8.8CVSS6.2AI score0.01115EPSS

Exploits1References2

Positive Technologies•added 2026/03/24 12:0 a.m.•4 views

PT-2026-27444

6.5CVSS6.8AI score0.01115EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by