Tag
A critical vulnerability in Vikunja versions prior to 2.2.0 allows disabled users to bypass administrator controls and reactivate their accounts by exploiting a flaw in the password reset logic.