Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded 2026/04/10 5:17 p.m.0 views

CVE-2026-35598

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the authenticated user has access to the task's project. Any authenticated CalDAV user who knows or...

4.3CVSS0.00033EPSS
Exploits1References4
CVE
CVEadded 2026/04/10 4:4 p.m.5 views

CVE-2026-35598

Vikunja CalDAV Read vulnerability (CVE-2026-35598): CalDAV GetResource/GetResourcesByList fetch tasks by UID without enforcing authorization, allowing any authenticated CalDAV user who knows or guesses a task UID to read full task data from any project. Affects Vikunja before v2.3.0; fixed in v2....

4.3CVSS5.9AI score0.00033EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/10 4:4 p.m.2 views

CVE-2026-35598 Vikunja has Missing Authorization on CalDAV Task Read

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the authenticated user has access to the task's project. Any authenticated CalDAV user who knows or...

4.3CVSS5.9AI score0.00033EPSS
Exploits1References4
EUVD
EUVDadded 2026/04/10 3:34 p.m.3 views

EUVD-2026-21425

Vikunja Missing Authorization on CalDAV Task Read...

4.3CVSS5.8AI score0.00033EPSS
Exploits1References4
OSV
OSVadded 2026/03/26 8:33 p.m.2 views

GO-2026-4847 Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read in code.vikunja.io/api

Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...

6.5CVSS5.9AI score0.00015EPSS
Exploits1References5
Github Security Blog
Github Security Blogadded 2026/03/25 9:17 p.m.4 views

Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read

Summary When the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. An authenticated user who can read a task that has cross-project relations will...

6.5CVSS5.9AI score0.00015EPSS
Exploits1References6Affected Software1
Cvelist
Cvelistadded 2026/03/24 3:35 p.m.15 views

CVE-2026-33676 Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, when the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. A...

6.5CVSS0.00015EPSS
Exploits1References4
Tenable Nessus
Tenable Nessusadded 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2022-49685

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iio: trigger: sysfs: fix use-after-free on remove Ensure that the irqwork has completed before the trigger is freed...

7.8CVSS6.7AI score0.00018EPSS
Exploits0References2
Rows per page
Query Builder