49 matches found
CRLF Injection
Overview Affected versions of this package are vulnerable to CRLF Injection via improper handling of user-supplied input in the ParseTodos function. An attacker can inject arbitrary iCalendar properties by including CRLF characters in task titles or other fields, which are then concatenated into...
CVE-2026-35472 WeGIA - Open Redirect - EstoqueControle - listarTodos() - Unvalidated $_GET['nextPage']
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=EstoqueControle...
CVE-2026-35398 WeGIA - Open Redirect - OrigemControle - listarTodos() & listarId_Nome() - Unvalidated $_GET['nextPage']
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos & listarIdNome and...
[SECURITY] Fedora 42 Update: qownnotes-26.1.7-4.fc42
QOwnNotes is the open source notepad with Markdown support and todo list manager for GNU/Linux, macOS and Windows, that works together with Nextcloud Notes and ownCloud Notes. You are able to write down your thoughts with QOwnNotes and edit or search for them later from your mobile device, like...
CVE-2026-23730 WeGIA has an Open Redirect Vulnerability in control.php Endpoint via nextPage Parameter (metodo=listarTodos, nomeClasse=ProdutoControle)
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=ProdutoControle...
MAL-2025-48864 Malicious code in productivity-suite-todos-fragment (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in productivity-suite-todos-fragment (npm)
--- -= Per source details. Do not edit below this line.=-...
EUVD-2005-1739
Malware in sbrugna...
EUVD-2021-2468
Malware in sbrugna...
PT-2024-24049 · Cybozu · Cybozu Garoon
Name of the Vulnerable Software and Affected Versions: Cybozu Garoon versions 5.0.0 through 5.15.2 Description: The issue allows a remote authenticated attacker to delete the data of Shared To-Dos due to an incorrect authorization vulnerability. Recommendations: For Cybozu Garoon versions 5.0.0...
GitLab 8.5 < 12.10.13 / 13.0 < 13.0.8 / 13.1 < 13.1.2 (CVE-2020-13323)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions private merge requests could be read via Todos (CVE-2020-13323). Note that Nessus has not tested for this issue but...
Multiple vulnerabilities in Cybozu Garoon
Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3167 Improper handling of data in Mail CWE-231 - CVE-2024-31397 CyVDB-3221 Improper restriction on the output of some API CWE-201 - CVE-2024-31398 CyVDB-3238 Excessive resource consumption in Mai...
todos-los-antonimos.com Cross Site Scripting vulnerability OBB-3925198
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
BIT-GITLAB-2020-13323
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions private merge requests could be read via Todos...
PT-2022-11323 · Unknown · Todo-Regex
Name of the Vulnerable Software and Affected Versions: todo-regex version 0.1.1 Description: A Regular Expression Denial of Service (ReDoS) issue was found in the software when it matches crafted invalid TODO statements. This occurs because the regular expression used can be exploited to cause a...
Malicious code in google-cloud-node-todos (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb7d68d158b2d8227576311310c92e1617519102e1de332cda3854beaaa12043 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3413 Malicious code in google-cloud-node-todos (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb7d68d158b2d8227576311310c92e1617519102e1de332cda3854beaaa12043 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Command injection in github-todos
naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...
GHSA-792J-9WJ3-J634 Command injection in github-todos
naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...