CVE-2026-27819
- EPSS 0.74%
- Veröffentlicht 25.02.2026 21:40:38
- Zuletzt bearbeitet 05.03.2026 16:32:00
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archiv...
CVE-2026-27616
- EPSS 0.45%
- Veröffentlicht 25.02.2026 21:37:57
- Zuletzt bearbeitet 05.03.2026 16:35:10
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as <scri...
CVE-2026-27575
- EPSS 0.43%
- Veröffentlicht 25.02.2026 21:35:23
- Zuletzt bearbeitet 05.03.2026 17:21:37
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords (e.g., 1234, password) without enforcing minimum strength requirements. Additionally, active sessions remain va...
CVE-2026-27116
- EPSS 0.22%
- Veröffentlicht 25.02.2026 21:33:50
- Zuletzt bearbeitet 05.03.2026 17:22:12
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the `filter` URL parameter is rendered into the DOM without output encoding when the ...
CVE-2026-25935
- EPSS 0.23%
- Veröffentlicht 11.02.2026 20:47:53
- Zuletzt bearbeitet 20.02.2026 20:17:54
Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a proje...