CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.


© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

about 2 hours ago • GHSA-2PV8-4C52-MF8J • Severity 8.1

GHSA-2PV8-4C52-MF8J: Instance-Wide Data Breach via Auth Bypass and IDOR Chain in Vikunja

A critical vulnerability chain in the Vikunja task management platform allows unauthenticated or minimally authenticated attackers to perform an instance-wide data breach. By combining a link-share hash disclosure (CVE-2026-33680) with a task attachment IDOR (CVE-2026-33678), attackers can read or delete any file attachment on the system.

Amit Schendel • 1 view • 6 min read
about 10 hours ago • CVE-2026-32746 • Severity 9.8

CVE-2026-32746: Pre-Authentication Remote Code Execution via BSS Overflow in GNU Inetutils telnetd

A 32-year-old pre-authentication buffer overflow vulnerability exists in the GNU Inetutils telnetd daemon. The flaw resides in the LINEMODE SLC suboption handler, allowing remote attackers to achieve arbitrary code execution as the root user by overflowing a fixed-size BSS buffer during the initial Telnet handshake.

Alon Barad • 6 views • 8 min read
about 12 hours ago • CVE-2026-33675 • Severity 6.4

CVE-2026-33675: Server-Side Request Forgery (SSRF) in Vikunja Task Migration

A Server-Side Request Forgery (SSRF) vulnerability in Vikunja versions prior to 2.2.1 allows authenticated users to exfiltrate internal network resources during task migration operations.

Amit Schendel • 3 views • 6 min read
about 12 hours ago • CVE-2026-33676 • Severity 6.5

CVE-2026-33676: Cross-Project Information Disclosure in Vikunja API

CVE-2026-33676 is an Incorrect Authorization (CWE-863) vulnerability in the Vikunja task management platform. The application fails to enforce project-level access controls when the API populates related tasks, allowing authenticated users to read sensitive task details across projects they are not authorized to access. The vulnerability was patched in version 2.2.1.

Amit Schendel • 4 views • 6 min read
about 13 hours ago • CVE-2026-33677 • Severity 6.5

CVE-2026-33677: Plaintext Credential Exposure in Vikunja Webhook API

Vikunja versions prior to 2.2.1 suffer from a medium-severity information disclosure vulnerability (CWE-200). The webhook management API fails to redact Basic Authentication credentials during serialization, exposing plaintext usernames and passwords intended for external systems to any user with read-only project access.

Alon Barad • 3 views • 6 min read
about 14 hours ago • CVE-2026-33678 • Severity 8.1

CVE-2026-33678: Insecure Direct Object Reference in Vikunja Task Attachments

Vikunja versions prior to 2.2.1 suffer from a critical Insecure Direct Object Reference (IDOR) vulnerability in the task attachment API. The flaw allows authenticated attackers to bypass authorization controls and systematically read or delete arbitrary file attachments across the entire application instance.

Alon Barad • 2 views • 6 min read
about 14 hours ago • CVE-2026-33679 • Severity 6.4

CVE-2026-33679: Server-Side Request Forgery via OIDC Avatar Processing in Vikunja

Vikunja versions prior to 2.2.1 contain a Server-Side Request Forgery (SSRF) vulnerability in the OpenID Connect (OIDC) authentication module. The application fails to validate destination IP addresses when fetching user avatars from OIDC provider claims, allowing attackers to target internal network services.

Amit Schendel • 2 views • 7 min read
about 15 hours ago • CVE-2026-33680 • Severity 7.5

CVE-2026-33680: Permission Escalation via Link Share Hash Disclosure in Vikunja

Vikunja versions prior to 2.2.2 suffer from an improper authorization vulnerability in the link-sharing mechanism. The ReadAll API endpoint fails to validate permissions correctly, allowing an attacker with a read-only link share to extract authentication hashes for administrative shares. This flaw enables unauthenticated or low-privilege actors to escalate their access to full administrative control over a target project.

Amit Schendel • 3 views • 8 min read
about 15 hours ago • CVE-2026-33700 • Severity 6.9

CVE-2026-33700: Insecure Direct Object Reference (IDOR) in Vikunja Link Share Deletion

CVE-2026-33700 is an Insecure Direct Object Reference (IDOR) vulnerability in the Vikunja task management platform, specifically affecting the link share deletion API endpoint. This flaw allows an authenticated user with administrative privileges in one project to arbitrarily delete link shares belonging to any other project on the instance.

Amit Schendel • 7 views • 5 min read
about 16 hours ago • CVE-2026-33716 • Severity 9.4

CVE-2026-33716: Critical Authentication Bypass in WWBN AVideo Live Stream Control

WWBN AVideo versions 26.0 and prior are vulnerable to an unauthenticated remote authentication bypass (CWE-287) in the live stream control endpoint. Unvalidated user input permits an attacker to override internal verification requests, leading to arbitrary execution of RTMP stream management commands.

Alon Barad • 3 views • 6 min read
about 16 hours ago • CVE-2026-33719 • Severity 8.6

CVE-2026-33719: Unauthenticated CDN Configuration Takeover in WWBN AVideo

WWBN AVideo versions up to 26.0 suffer from a critical missing authentication vulnerability in the CDN plugin. An unauthenticated attacker can exploit a logic flaw in default key handling combined with a mass-assignment vulnerability to take complete control of the CDN configuration.

Amit Schendel • 4 views • 6 min read
about 17 hours ago • CVE-2026-33723 • Severity 7.1

CVE-2026-33723: Authenticated SQL Injection in WWBN AVideo Subscription Logic

WWBN AVideo versions up to and including 26.0 contain a critical SQL injection vulnerability in the subscription module. The application fails to properly sanitize or parameterize the `user_id` POST parameter before incorporating it into database queries within the `Subscribe::save()` method. This allows an authenticated attacker to execute arbitrary SQL commands, gaining unauthorized read access to the backend database.

Amit Schendel • 2 views • 5 min read

Automated vulnerability intelligence. 1,246+ reports.