| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33473 | Vikunja has TOTP Reuse During Validity Window | go-vikunja | vikunja | Medium | 5.7 | 2026-03-24 15:18:14 | Deep Dive |
| CVE-2026-33336 | Vikunja Desktop vulnerable to Remote Code Execution via same-window navigation | go-vikunja | vikunja | Medium | - | 2026-03-24 15:16:15 | Deep Dive |
| CVE-2026-33335 | Vikunja Desktop allows arbitrary local application invocation via unvalidated shell.openExternal | go-vikunja | vikunja | Medium | - | 2026-03-24 15:07:41 | Deep Dive |
| CVE-2026-33334 | Vikunja Desktop: Any frontend XSS escalates to Remote Code Execution due to nodeIntegration | go-vikunja | vikunja | Medium | - | 2026-03-24 15:02:20 | Deep Dive |
| CVE-2026-33316 | Vikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account Disablement | go-vikunja | vikunja | High | 8.1 | 2026-03-24 14:59:17 | Deep Dive |
| CVE-2026-33315 | Vikunja has a 2FA Bypass via Caldav Basic Auth | go-vikunja | vikunja | Medium | - | 2026-03-24 14:53:34 | Deep Dive |
| CVE-2026-33313 | Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments | go-vikunja | vikunja | Medium | - | 2026-03-24 14:50:12 | Deep Dive |
| CVE-2026-33312 | Read-only Vikunja users can delete project background images via broken object-level authorization | go-vikunja | vikunja | Medium | - | 2026-03-20 14:42:14 | Deep Dive |
| CVE-2026-29794 | Vikunja has Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers | go-vikunja | vikunja | Medium | 5.3 | 2026-03-20 14:39:59 | Deep Dive |
| CVE-2026-28268 | Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse | go-vikunja | vikunja | Critical | 9.8 | 2026-02-27 20:16:30 | Deep Dive |
| CVE-2026-27819 | Vikunja has Path Traversal in CLI Restore | go-vikunja | vikunja | High | 7.2 | 2026-02-25 21:40:39 | Deep Dive |
| CVE-2026-27616 | Vikunja Vulnerable to Stored Cross-Site Scripting (XSS) via Unsanitized SVG Attachment Upload Leading to Token Exposure | go-vikunja | vikunja | High | 7.3 | 2026-02-25 21:37:58 | Deep Dive |
| CVE-2026-27575 | Vikunja has Weak Password Policy Combined with Persistent Sessions After Password Change | go-vikunja | vikunja | Critical | 9.1 | 2026-02-25 21:35:23 | Deep Dive |
| CVE-2026-27116 | Vikunja has Reflected HTML Injection via filter Parameter in Projects Module | go-vikunja | vikunja | Medium | 6.1 | 2026-02-25 21:33:50 | Deep Dive |
| CVE-2026-25935 | Vikunja Affected by XSS Via Task Preview | go-vikunja | vikunja | - | - | 2026-02-11 20:47:53 | Deep Dive |