73 matches found
CVE-2026-22249 Docmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip)
Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature ZipSlip. In apps/server/src/integrations/import/utils/file.utils.ts, there are no validation on filename. This vulnerability ...
CVE-2026-22249
CVE-2026-22249—Docmost is affected in versions 0.21.0 through before 0.24.0. The vulnerability stems from an Arbitrary File Write via Zip Import (ZipSlip) in the import utility, where filename validation is missing in apps/server/src/integrations/import/utils/file.utils.ts. This can enable unauth...
PT-2026-3091
Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature ZipSlip. In apps/server/src/integrations/import/utils/file.utils.ts, there are no validation on filename. This vulnerability ...
Docmost security vulnerabilities
Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.24.0 contained security vulnerabilities. These vulnerabilities stemmed from the ZIP import function’s lack of filename validation, which could lead to arbitrary file writin...
EUVD-2025-25706
Malicious code in bioql PyPI...
CVE-2025-55574
Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code...
CVE-2025-55574
Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code...
CVE-2025-55574
Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code...
CVE-2025-55574
Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code...
Docmost 安全漏洞
Docmost is an open collaboration wiki and documentation software from Docmost Open Source. A security vulnerability exists in Docmost 0.21.0 and earlier versions, which stems from vulnerability to cross-site scripting attacks that could lead to the execution of arbitrary code...
PT-2025-34672 · Docmost · Docmost
Name of the Vulnerable Software and Affected Versions: docmost versions prior to 0.21.0 Description: A Cross Site Scripting issue exists in docmost versions prior to 0.21.0, potentially allowing an attacker to execute arbitrary code. Recommendations: Update to a version newer than 0.21.0...
CVE-2025-55574
CVE-2025-55574 affects Docmost software. The identified issue is a Cross-Site Scripting vulnerability in docmost versions prior to 0.21.0 that could allow an attacker to execute arbitrary code. Root cause details are not fully disclosed across all documents, but PT-2025-34672 explicitly states th...
CVE-2025-55574
Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code...