16 matches found

RedhatCVE
added 2026/04/14 7:22 p.m. | 2 views

CVE-2026-35598

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the authenticated user has access to the task's project. Any authenticated CalDAV user who knows or...

CVSS 4.3 | AI score 5.9 | EPSS 0.00033
Exploits: 1 | References: 1
Cvelist
added 2026/04/10 4:4 p.m. | 22 views

CVE-2026-35598 Vikunja has Missing Authorization on CalDAV Task Read

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the authenticated user has access to the task's project. Any authenticated CalDAV user who knows or...

CVSS 4.3 | EPSS 0.00033
Exploits: 1 | References: 4
CNNVD
added 2026/04/10 12:0 a.m. | 4 views

Vikunja Security Vulnerability

Vikunja is an open-source to-do application developed by Vikunja. Versions of Vikunja prior to 2.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the CalDAV method, which did not verify the user’s access rights to task items when retrieving tasks by UID. This could allow...

CVSS 4.3 | AI score 5.8 | EPSS 0.00033
Exploits: 1 | References: 5
RedhatCVE
added 2026/04/08 7:57 p.m. | 2 views

CVE-2026-22680

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...

CVSS 6.9 | AI score 5.9 | EPSS 0.00154
Exploits: 1 | References: 1
CVE
added 2026/03/24 3:35 p.m. | 4 views

CVE-2026-33676

Summary: Vikunja, an open-source self-hosted task manager, has a cross-project information disclosure in its API. Before 2.2.1, when returning tasks, the API fills the related_tasks field with full task objects for all related tasks without verifying the requester’s read permission on those proje...

CVSS 6.5 | AI score 5.8 | EPSS 0.00015
Exploits: 1 | References: 4 | Affected Software: 1
CNNVD
added 2025/05/30 12:0 a.m. | 1 views

Computer Vision Annotation Tool Security Vulnerability

Computer Vision Annotation Tool (CVAT) is an open source interactive video and image annotation tool for computer vision from cvat.ai. A security vulnerability exists in Computer Vision Annotation Tool versions prior to 2.4.0 through 2.38.0, which stems from the possibility that an authenticated user may...

CVSS 5.3 | AI score 5.9 | EPSS 0.0022
Exploits: 0 | References: 3
Packet Storm News
added 2025/05/08 12:0 a.m. | 2 views

MTL-UE: Learning to Learn Nothing for Multi-Task Learning

Most existing unlearnable strategies focus on preventing unauthorized users from training single-task learning (STL) models with personal data. Nevertheless, the paradigm has recently shifted towards multi-task data and multi-task learning (MTL), targeting generalist and foundation models that can...

AI score 6.9
Exploits: 0
Patchstack
added 2024/12/19 9:8 p.m. | 1 views

WordPress WP Project Manager plugin <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API vulnerability

Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin WP Project Manager versions <= 2.6.15...

CVSS 6.5 | AI score 7 | EPSS 0.00809
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2023/11/12 2:15 p.m. | 1 views

PYSEC-2023-231

Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are...

CVSS 6.5 | AI score 6.6 | EPSS 0.00054
Exploits: 0 | References: 2
OSV
added 2023/10/14 12:30 p.m. | 0 views

GHSA-32WR-QQW6-5MFP Apache Airflow vulnerable to sensitive information exposure

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user with access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with th...

CVSS 6.5 | AI score 6 | EPSS 0.00401
Exploits: 0 | References: 6
OSV
added 2023/10/14 10:15 a.m. | 0 views

PYSEC-2023-197

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated wit...

CVSS 6.5 | AI score 6.6 | EPSS 0.00401
Exploits: 0 | References: 2
CNNVD
added 2023/10/14 12:0 a.m. | 2 views

Apache Airflow Information Disclosure Vulnerability

Apache Airflow is an open source platform from the Apache Foundation in the United States for creating, managing and monitoring workflows. The platform is scalable and offers dynamic monitoring, among other characteristics. Apache Airflow suffers from an information disclosure vulnerability that can be...

CVSS 6.5 | AI score 6 | EPSS 0.00401
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 6:17 a.m. | 1 views

SUSE CVE-2005-2549

Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers...

CVSS 7.5 | AI score 8 | EPSS 0.02934
Exploits: 0 | References: 4
0day.today
added 2022/10/06 12:0 a.m. | 260 views

Wordpress Zephyr Project Manager 3.2.42 Plugin - Multiple SQL injection Vulnerabilities

Exploit Title: Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi | Exploit Author: Rizacan Tufan | Blog Post: https://rizax.blog/blog/wordpress-plugin-zephyr-project-manager-multiple-sqli-authenticated | Software Link: https://wordpress.org/plugins/zephyr-project-manager/ | Vendor Homepage:...

CVSS 9.8 | AI score 0.3 | EPSS 0.03847
Exploits: 5
CNVD
added 2018/03/21 12:0 a.m. | 1 views

IBM Business Process Manager Design Vulnerabilities

IBM Business Process Manager (BPM) is a comprehensive business process management platform from IBM in the United States. The platform provides a range of tools for business process modeling, assembly, monitoring and deployment. There is a security vulnerability in IBM BPM. A remo...

CVSS 5.5 | AI score 6.9 | EPSS 0.00085
Exploits: 0 | References: 1
OSV
added 2017/01/18 10:59 p.m. | 1 views

CVE-2016-10086

RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request...

CVSS 8.1 | AI score 5.8
Exploits: 0 | References: 3