5018 matches found
CVE-2026-33473 Vikunja has TOTP Reuse During Validity Window
Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...
CVE-2026-33473 Vikunja has TOTP Reuse During Validity Window
Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...
CVE-2026-33473
Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...
CVE-2026-33473 Vikunja has TOTP Reuse During Validity Window
Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...
CVE-2026-33473
CVE-2026-33473 describes a TOTP reuse vulnerability in Vikunja: any user with 2FA enabled can reuse their TOTP within the standard 30-second window in versions prior to 2.2.1. The issue affects Vikunja 0.13 up to before 2.2.1 and is fixed in 2.2.1. The CVSS 3.1 base score is 5.7 (Medium). Actiona...
CVE-2026-33315
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...
CVE-2026-33315 Vikunja has a 2FA Bypass via Caldav Basic Auth
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...
CVE-2026-33315
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...
CVE-2026-33315 Vikunja has a 2FA Bypass via Caldav Basic Auth
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...
CVE-2026-33315
CVE-2026-33315 (Vikunja) is a vulnerability in Vikunja prior to version 2.2.0 where the Caldav endpoint allows login using Basic Authentication. This enables bypass of TOTP on accounts with 2FA enabled, allowing access to protected project information such as name and description. The issue is fi...
CVE-2026-33315 Vikunja has a 2FA Bypass via Caldav Basic Auth
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...
PT-2026-27486
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.61 Parse Server versions prior to 9.6.0-alpha.55 Description Parse Server is an open source backend deployable on Node.js infrastructures. An authenticated user calling the GET /users/me API endpoint receives...
Vikunja 授权问题漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. In versions 0.13 to 2.2.1 of Vikunja, there was a vulnerability related to authorization. This vulnerability occurred because users who enabled two-factor authentication could reuse TOTP within the standard 30-second...
Parse Server 信息泄露漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 8.6.61 and 9.6.0-alpha.55 contain a vulnerability known as information leakage. This vulnerability stems from the GET /users/me...
Parse Server 安全漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.60 and 9.6.0-alpha.54. These vulnerabilities stemmed from the ability for MFA recovery...
Vikunja 安全漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from Caldav endpoints allowing login using basic authentication, which could enable users to bypass TOTP accounts that...
CVE-2026-32879
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...
CVE-2026-32879 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...
CVE-2026-32879
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...
CVE-2026-32879 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...