5879 matches found
WordPress Task Manager plugin <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Read vulnerability
Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by theviper17y in WordPress Plugin Task Manager versions = 3.0.2...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the task comments process. An attacker can access unauthorized comment data by manipulating identifiers in API requests. Remediation Upgrade github.com/go-vikunja/vikunja/pkg/models t...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the task comments process. An attacker can access unauthorized comment data by manipulating identifiers in API requests. Remediation Upgrade code.vikunja.io/api/pkg/models to version...
GO-2026-4797 Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments in code.vikunja.io/api
Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments in code.vikunja.io/api...
PT-2026-27221
OpenClaw versions prior to 2026.2.18 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written unquoted to gateway.cmd, allowing shell metacharacters to break out of assignment context. Attackers can inject arbitrary commands...
MAL-2026-2079 Malicious code in @emilgroup/task-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d10e089e1ab5774c571e6a0f5c650a044301456e9558509c051d38dce51eac73 The package @emilgroup/task-sdk-node was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2078 Malicious code in @emilgroup/task-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4aef8ca2987206595d5c54a2df6265669bdb67ca99915bb763ac38f2d6a46d7 The package @emilgroup/task-sdk was found to contain malicious code. Source: ghsa-malware...
Malicious code in @emilgroup/task-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4aef8ca2987206595d5c54a2df6265669bdb67ca99915bb763ac38f2d6a46d7 The package @emilgroup/task-sdk was found to contain malicious code. Source: ghsa-malware...
SUSE CVE-2026-23275
In the Linux kernel, the following vulnerability has been resolved: iouring: ensure ctx-rings is stable for task work flags manipulation If DEFERTASKRUN | SETUPTASKRUN is used and task work is added while the ring is being resized, it's possible for the OR'ing of IORINGSQTASKRUN to happen in the...
EUVD-2026-14150
The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...
CVE-2026-4004
The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...
CVE-2026-2351
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callbackgettextfromurl function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...
CVE-2026-4004 Task Manager <= 3.0.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'task_id' Parameter
The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...
CVE-2026-4004
The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...
CVE-2026-4004 Task Manager <= 3.0.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'task_id' Parameter
The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...
CVE-2026-4004
CVE-2026-4004 affects the WordPress Task Manager plugin up to version 3.0.2. The vulnerability stems from missing capability checks in the callback_search() function and insufficient input validation that lets shortcode syntax (square brackets) pass through sanitize_text_field() and be concatenat...
CVE-2026-2351 Task Manager <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Read
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callbackgettextfromurl function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...
CVE-2026-2351
The CVE-2026-2351 entry concerns the WordPress Task Manager plugin (up to version 3.0.2). The vulnerability is an Arbitrary File Read via the callback_get_text_from_url() function, exploitable by authenticated users with Subscriber-level access and above. The impact is exposure of contents from a...
CVE-2026-2351
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callbackgettextfromurl function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...
CVE-2026-2351 Task Manager <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Read
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callbackgettextfromurl function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...