Vulnerabilities in go-vikunja
35 results

CVE-2026-33336 | MEDIUM | Vikunja Desktop vulnerable to Remote Code Execution via same-window navigation | EPSS 1.1%
CVE-2026-27819 | HIGH | Vikunja has Path Traversal in CLI Restore | EPSS 0.7%
CVE-2026-28268 | CRITICAL | Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse | EPSS 0.7%
CVE-2026-27616 | HIGH | Vikunja Vulnerable to Stored Cross-Site Scripting (XSS) via Unsanitized SVG Attachment Upload Leading to Token Exposure | EPSS 0.5%
CVE-2026-33668 | HIGH | Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect | EPSS 0.5%
CVE-2026-27575 | CRITICAL | Vikunja has Weak Password Policy Combined with Persistent Sessions After Password Change | EPSS 0.4%
CVE-2026-33680 | HIGH | Vikunja Vulnerable to Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation | EPSS 0.4%
CVE-2026-33334 | MEDIUM | Vikunja Desktop: Any frontend XSS escalates to Remote Code Execution due to nodeIntegration | EPSS 0.4%
CVE-2026-33316 | HIGH | Vikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account Disablement | EPSS 0.4%
CVE-2026-35599 | MEDIUM | Vikunja has an Algorithmic Complexity DoS in Repeating Task Handler | EPSS 0.3%
CVE-2026-35602 | MEDIUM | Vikunja has a File Size Limit Bypass via Vikunja Import | EPSS 0.3%
CVE-2026-33679 | MEDIUM | Vikunja has SSRF via OpenID Connect Avatar Download that Bypasses Webhook SSRF Protections | EPSS 0.3%
CVE-2026-33676 | MEDIUM | Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read | EPSS 0.3%
CVE-2026-29794 | MEDIUM | Vikunja has Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers | EPSS 0.3%
CVE-2026-33474 | MEDIUM | Vikunja Affected by DoS via Image Preview Generation | EPSS 0.3%
CVE-2026-33315 | MEDIUM | Vikunja has a 2FA Bypass via Caldav Basic Auth | EPSS 0.3%
CVE-2026-33677 | MEDIUM | Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API | EPSS 0.3%
CVE-2026-35597 | MEDIUM | Vikunja Affected by TOTP Brute-Force Due to Non-Functional Account Lockout | EPSS 0.3%
CVE-2026-35595 | HIGH | Vikunja Affected by Privilege Escalation via Project Reparenting | EPSS 0.3%
CVE-2026-34727 | HIGH | Vikunja has a TOTP Two-Factor Authentication Bypass via OIDC Login Path | EPSS 0.3%