60 matches found

CVE
added 2026/04/10 4:5 p.m. | 9 views

CVE-2026-35599

Summary: CVE-2026-35599 affects Vikunja prior to version 2.3.0, where addRepeatIntervalToTime uses an O(n) loop to advance a date by RepeatAfter until it passes now. When a repeating task uses a 1-second interval and an old due_date, this can trigger billions of iterations, causing high CPU usage...

6.5 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/04/10 4:5 p.m. | 1 view

CVE-2026-35599 Vikunja has an Algorithmic Complexity DoS in Repeating Task Handler

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatIntervalToTime function uses an O(n) loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far ...

6.5 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits: 1 | References: 4
EUVD
added 2026/04/10 3:34 p.m. | 2 views

EUVD-2026-21426

Vikunja has Algorithmic Complexity DoS in Repeating Task Handler...

6.5 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits: 1 | References: 4
Huntr
added 2026/01/11 8:12 p.m. | 1 view

Arbitrary File Read via Log Symlink following in FileTaskHandler

This report is not public...

5.3 AI score
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-2102

Malware in sbrugna...

6.1 CVSS | 4 AI score | 0.0031 EPSS
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-24062

Malicious code in bioql PyPI...

9.8 CVSS | 6.6 AI score | 0.00105 EPSS
Exploits: 1 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-29115

Malicious code in bioql PyPI...

5.8 CVSS | 5 AI score | 0.0008 EPSS
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-51675

Malicious code in bioql PyPI...

7.2 CVSS | 7.1 AI score | 0.00554 EPSS
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-34103

Malicious code in bioql PyPI...

6.1 CVSS | 6.4 AI score | 0.00307 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-47376

Malicious code in bioql PyPI...

6.1 CVSS | 4 AI score | 0.001 EPSS
Exploits: 0 | References: 4
OSV
added 2025/09/14 8:15 a.m. | 0 views

CVE-2025-10395

A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function colurl of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the attack remotely...

7.2 CVSS | 5.6 AI score
Exploits: 0 | References: 4
CVE
added 2025/09/14 8:2 a.m. | 11 views

CVE-2025-10395

The CVE-2025-10395 entry concerns Magicblack MacCMS (version 2025.1000.4050) where the col_url function in the Scheduled Task Handler is vulnerable. The root cause is improper manipulation of the cjurl parameter, enabling server-side request forgery. This can be triggered remotely and could impac...

7.2 CVSS | 5.1 AI score | 0.0008 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2025/09/14 8:2 a.m. | 4 views

CVE-2025-10395 Magicblack MacCMS Scheduled Task col_url server-side request forgery

A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function colurl of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the attack remotely...

5.8 CVSS | 0.0008 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2025/09/14 8:2 a.m. | 3 views

CVE-2025-10395 Magicblack MacCMS Scheduled Task col_url server-side request forgery

A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function colurl of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the attack remotely...

5.8 CVSS | 6.6 AI score | 0.0008 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2025/09/14 12:0 a.m. | 4 views

PT-2025-37406

Name of the Vulnerable Software and Affected Versions: Magicblack MacCMS version 2025.1000.4050
Description: A server-side request forgery issue exists in the col url function of the Scheduled Task Handler component. Manipulation of the cjurl argument can trigger the issue, allowing for remote...

5.8 CVSS | 4.8 AI score | 0.0008 EPSS
Exploits: 0 | References: 9
CNNVD
added 2025/09/14 12:0 a.m. | 2 views

maccms10 code issue vulnerability

maccms10 is magicblack's open-source rapid site-building system for PHP+MySQL environments, described as complete and powerful. A code issue vulnerability exists in maccms10 version 2025.1000.4050, which stems from the incorrect...

7.2 CVSS | 5 AI score | 0.0008 EPSS
Exploits: 0 | References: 5
RedhatCVE
added 2025/08/11 9:22 p.m. | 8 views

CVE-2025-8775

A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The...

9.8 CVSS | 7.2 AI score | 0.00105 EPSS
Exploits: 1 | References: 1
OSV
added 2025/08/09 9:15 p.m. | 2 views

CVE-2025-8775

A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The...

9.8 CVSS | 5.4 AI score
Exploits: 0 | References: 5
NVD
added 2025/08/09 9:15 p.m. | 3 views

CVE-2025-8775

A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The...

9.8 CVSS | 0.00105 EPSS
Exploits: 1 | References: 5
Vulnrichment
added 2025/08/09 9:2 p.m. | 2 views

CVE-2025-8775 Qiyuesuo Eelectronic Signature Platform Scheduled Task upload execute unrestricted upload

A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The...

6.5 CVSS | 7.1 AI score | 0.00105 EPSS
Exploits: 1 | References: 5