Vikunja 授权问题漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.1.0 had a security vulnerability related to authorization. This vulnerability stemmed from the possibility of password reset tokens being reused indefinitely, which could lead to account...

PT-2026-7716

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 1.1.0 Description Vikunja, a todo-app, contains a cross-site scripting XSS issue in the task preview mechanism. The TaskGlanceTooltip.vue component creates a temporary div and sets its innerHtml to the task descriptio...

EUVD-2025-1563

Malicious code in bioql PyPI...

on-duty-js (=3.0.0), todo-app-23426 (=1.0.0) potentially affected by unknown CVE via chalkk (=0.0.1-security)

chalkk NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on chalkk and may be impacted: - on-duty-js =3.0.0 - todo-app-23426 =1.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-16776...

MAL-2025-6332 Malicious code in fast-todo-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e463847c2b9e6ff287b0862f66d4845c4452d8f4508ee7a298c99fccec9ca00 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in fast-todo-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e463847c2b9e6ff287b0862f66d4845c4452d8f4508ee7a298c99fccec9ca00 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview fast-todo-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2025-0228

A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /js-todo-app/index.html. The manipulation of the argument Add leads to cross site scripting. The attack can be initiated remotely. The...

CVE-2025-0228

A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /js-todo-app/index.html. The manipulation of the argument Add leads to cross site scripting. The attack can be initiated remotely. The...

CVE-2025-0228

A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /js-todo-app/index.html. The manipulation of the argument Add leads to cross site scripting. The attack can be initiated remotely. The...

CVE-2025-0228 code-projects Local Storage Todo App index.html cross site scripting

A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /js-todo-app/index.html. The manipulation of the argument Add leads to cross site scripting. The attack can be initiated remotely. The...

CVE-2025-0228

The CVE-2025-0228 entry affects code-projects Local Storage Todo App 1.0, specifically the /js-todo-app/index.html file. The root cause is manipulation of the Add argument, which leads to cross-site scripting (XSS). The vulnerability is exploitable remotely, and the exploit has been disclosed pub...

CVE-2025-0228 code-projects Local Storage Todo App index.html cross site scripting

A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /js-todo-app/index.html. The manipulation of the argument Add leads to cross site scripting. The attack can be initiated remotely. The...

Code-Projects Local Storage Todo App 代码注入漏洞

Code-Projects Local Storage Todo App is an open source local code storage project by Code-Projects. A code injection vulnerability exists in Code-Projects Local Storage Todo App version 1.0, which originates from a cross-site scripting vulnerability contained in the Add parameter in the...

PT-2025-3798 · Unknown · Code-Projects Local Storage Todo App

Name of the Vulnerable Software and Affected Versions: code-projects Local Storage Todo App version 1.0 Description: A problem has been found in the code that affects the /js-todo-app/index.html file. The issue arises from the manipulation of the Add argument, leading to cross-site scripting. Thi...

This Week in Spring - July 26th, 2022

Aloha, Spring fans! Im on vacation, reporting to you from the paradise-like island of Maui, Hawaii, and hoping that youre having a wonderful day! My family and I love Hawaii. Its brimming with beauty and serenity, and while the island of Maui, in the state of Hawaii, is very small, the islands ar...

Malicious Package

Overview fast-todo-app is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...