CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms...

7.5CVSS6.8AI score0.00229EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:40 p.m.•2 views

CVE-2022-40690

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script...

5.4CVSS6.2AI score0.00373EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:29 p.m.•8 views

CVE-2021-3915

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type...

7.6CVSS6.8AI score0.00334EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 8:12 p.m.•6 views

CVE-2021-3944

bookstack is vulnerable to Cross-Site Request Forgery CSRF...

6.8CVSS6.8AI score0.00068EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 8:11 p.m.•5 views

CVE-2021-3916

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal'...

6.5CVSS6.8AI score0.00397EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 8:11 p.m.•6 views

CVE-2021-3906

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type...

6.5CVSS6.8AI score0.00229EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 8:10 p.m.•3 views

CVE-2021-3874

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal'...

6.5CVSS6.8AI score0.00378EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 8:6 p.m.•4 views

CVE-2021-3768

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

5.4CVSS6.8AI score0.00181EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 7:41 p.m.•3 views

CVE-2021-4119

bookstack is vulnerable to Improper Access Control...

9.8CVSS6.7AI score0.00425EPSS

Exploits1

RedhatCVE•added 2025/05/22 7:27 p.m.•3 views

CVE-2021-3758

bookstack is vulnerable to Server-Side Request Forgery SSRF...

6.5CVSS6.9AI score0.0024EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 6:48 p.m.•4 views

CVE-2021-4194

bookstack is vulnerable to Improper Access Control...

6.5CVSS6.8AI score0.0016EPSS

Exploits1

RedhatCVE•added 2025/05/22 6:44 p.m.•2 views

CVE-2021-4026

bookstack is vulnerable to Improper Access Control...

6.5CVSS6.8AI score0.00215EPSS

Exploits1

RedhatCVE•added 2025/05/22 6:44 p.m.•4 views

CVE-2021-3767

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

5.4CVSS6.8AI score0.00261EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 5:23 p.m.•2 views

CVE-2020-11055

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the...

6.3CVSS5.3AI score0.00391EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 5:22 a.m.•2 views

CVE-2017-1000462

BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code...

5.4CVSS6.8AI score0.0032EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by