224 matches found
CVE-2019-25739 GigToDo Freelance Marketplace Script 1.3 Persistent XSS
GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the createproposal endpoint that execute when administrators or other...
CVE-2026-35601
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying RFC 5545 TEXT value escaping. User-controlled task titles containing CRLF characters break the iCalendar propert...
MAL-2026-2328 Malicious code in mcp-server-todo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f426e9e8a841f37f765614c031a1b4f56bb7ee1c8d5ed51b2aeb27a261edce9 The package mcp-server-todo was found to contain malicious code. Source: ghsa-malware d2e2326574c0d2811c6c20ff1523ad04fc4bdb6f062080751acdca4a592c68b...
Malicious Package
Overview mcp-server-todo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Serverless Express 安全漏洞
Serverless Express is an open-source library from Code Genie that allows for running Node.js web applications in a serverless environment. Serverless Express versions 4.17.1 and earlier contain a security vulnerability. This vulnerability stems from incorrect handling of the parameter userId in t...
MAL-2026-1533 Malicious code in todo-plz (npm)
The package 'todo-plz' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...
Malicious code in todo-plz (npm)
The package 'todo-plz' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...
[SECURITY] Fedora 43 Update: task-3.4.2-3.fc43
Taskwarrior is a command-line TODO list manager. It is flexible, fast, efficient, unobtrusive, does its job then gets out of your way. Taskwarrior scales to fit your workflow. Use it as a simple app that captures tasks, shows you the list, and removes tasks from that list. Leverage its capabiliti...
[SECURITY] Fedora 44 Update: task-3.4.2-3.fc44
Taskwarrior is a command-line TODO list manager. It is flexible, fast, efficient, unobtrusive, does its job then gets out of your way. Taskwarrior scales to fit your workflow. Use it as a simple app that captures tasks, shows you the list, and removes tasks from that list. Leverage its capabiliti...
EUVD-2018-21638
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files li...
CVE-2018-25184
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files li...
CVE-2018-25184
Surreal ToDo 0.6.1.2 contains a Local File Inclusion in index.php via the content parameter, allowing unauthenticated attackers to read arbitrary files (e.g., configuration/initialization files). This is triggered by directory traversal sequences supplied through content and leads to potential ex...
CVE-2018-25184
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files li...
CVE-2018-25184 Surreal ToDo 0.6.1.2 Local File Inclusion via index.php
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files li...
CVE-2018-25184 Surreal ToDo 0.6.1.2 Local File Inclusion via index.php
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files li...
PT-2026-23695
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files li...
Getsurreal Surreal ToDo 路径遍历漏洞
Getsurreal Surreal ToDo is a task management application developed by Getsurreal. The version 0.6.1.2 of Getsurreal Surreal ToDo contains a path traversal vulnerability. This vulnerability stems from an issue with local file inclusion in the content parameter, which may allow unverified attackers...
Vikunja 授权问题漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.1.0 had a security vulnerability related to authorization. This vulnerability stemmed from the possibility of password reset tokens being reused indefinitely, which could lead to account...
PT-2026-7716
Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 1.1.0 Description Vikunja, a todo-app, contains a cross-site scripting XSS issue in the task preview mechanism. The TaskGlanceTooltip.vue component creates a temporary div and sets its innerHtml to the task descriptio...
[SECURITY] Fedora 43 Update: qownnotes-26.1.7-4.fc43
QOwnNotes is the open source notepad with Markdown support and todo list mana ger for GNU/Linux, macOS and Windows, that works together with Nextcloud Notes and ownCloud Notes. You are able to write down your thoughts with QOwnNotes and edit or search for them later from your mobile device, like...