CVE-2026-25935 Vikunja Affected by XSS Via Task Preview

Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS o...

CVE-2026-25935 Vikunja Affected by XSS Via Task Preview

Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS o...

CVE-2026-25935

Technical details for CVE-2026-25935 (Vikunja XSS prior to 1.1.0) are not provided in the supplied documents. Monitor for updates and refer to the fixed version 1.1.0 for remediation context.

CVE-2026-25935 Vikunja Affected by XSS Via Task Preview

Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS o...

Vikunja Vulnerable to XSS Via Task Preview

Summary The task preview component creates a unparented div. The div's innerHtml is set to the unescaped description of the task Details In the TaskGlanceTooltip.vue it temporarily creates a div and sets the innerHtml to the description here. Since there is no escaping on either the server or...

GHSA-M4G2-2Q66-VC9V Vikunja Vulnerable to XSS Via Task Preview

Summary The task preview component creates a unparented div. The div's innerHtml is set to the unescaped description of the task Details In the TaskGlanceTooltip.vue it temporarily creates a div and sets the innerHtml to the description here. Since there is no escaping on either the server or...

PT-2026-7716

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 1.1.0 Description Vikunja, a todo-app, contains a cross-site scripting XSS issue in the task preview mechanism. The TaskGlanceTooltip.vue component creates a temporary div and sets its innerHtml to the task descriptio...

Vikunja Vulnerable to XSS Via Task Preview

The task preview component creates a unparented div. The div's innerHtml is set to the unescaped description of the task...

CVE-2026-25947

Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...

CVE-2026-22922

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...

Worklenz SQL注入漏洞

Worklenz is a project management tool developed under open source in Worklenz. Versions of Worklenz prior to 2.1.7 contained a SQL injection vulnerability. This vulnerability stemmed from multiple SQL injection points in the backend SQL queries, affecting functions such as project task management...

Incorrect Use of Privileged APIs

Overview Affected versions of this package are vulnerable to Incorrect Use of Privileged APIs via insufficient permission checks in the getlog function. An authenticated user without log-viewing permissions can still access task execution logs containing sensitive operational data, debugging...

Apache Airflow Has an Authorization Bypass That Allows Unauthorized Task Log Access

Vulnerability Overview An authorization bypass vulnerability exists in Apache Airflow that allows authenticated users to access task execution logs without the required permissions. The Flaw The vulnerability affects environments using custom roles or granular permission settings. Normally, Airfl...

GHSA-PM44-X5X7-24C4 Apache Airflow Has an Authorization Bypass That Allows Unauthorized Task Log Access

Vulnerability Overview An authorization bypass vulnerability exists in Apache Airflow that allows authenticated users to access task execution logs without the required permissions. The Flaw The vulnerability affects environments using custom roles or granular permission settings. Normally, Airfl...

CVE-2026-22922

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...

PYSEC-2026-11

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...

PYSEC-2026-11

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...

CVE-2026-22922

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...

CVE-2026-22922

CVE-2026-22922 affects Apache Airflow versions 3.1.0–3.1.6, where an authorization flaw could allow an authenticated user with custom permissions limited to task access to view task logs without task-log access. The issue has been fixed in Airflow 3.1.7 and later. Practical impact is limited to l...

CVE-2026-22922 Apache Airflow: Airflow externalLogUrl Permission Bypass

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...