Robert-Fl

Rank: #17389 of 53,625
Total CVSS: 15.5
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2026-39658
5.7
2026-05-11
Taiga · Taiga · CVE-2026-41250
**Name of the Vulnerable Software and Affected Versions**
Taiga versions prior to 6.9.1

**Description**
Taiga, a project management platform for startups and agile developers, contains a stored Cross-Site Scripting (XSS) issue in its front-end. Stored XSS occurs when an application receives data from a user and includes that data within its later HTTP responses in a way that allows an attacker to execute scripts in the victim's browser.

**Recommendations**
Update to version 6.9.1.
PT-2026-39864
9.8
2026-05-11
Unknown · Vaultwarden · CVE-2026-43914
**Name of the Vulnerable Software and Affected Versions**
Vaultwarden versions prior to 1.35.4

**Description**
A flaw in the login brute-force protection allows attackers to determine if a username and password combination is correct when email two-factor authentication (2FA) is enabled. The API endpoint `/api/two-factor/send-email-login` and its associated function `send_email_login()` act as an oracle, enabling password brute-forcing without rate-limiting. This issue affects all users, including those who have not configured email 2FA.

**Recommendations**
Update to version 1.35.4.