Lucene search
K

73 matches found

Cvelist
Cvelist
added 2026/01/15 6:43 p.m.26 views

CVE-2026-22249 Docmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip)

Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature ZipSlip. In apps/server/src/integrations/import/utils/file.utils.ts, there are no validation on filename. This vulnerability ...

7.1CVSS0.00502EPSS
Exploits1References4
CVE
CVE
added 2026/01/15 6:43 p.m.11 views

CVE-2026-22249

CVE-2026-22249—Docmost is affected in versions 0.21.0 through before 0.24.0. The vulnerability stems from an Arbitrary File Write via Zip Import (ZipSlip) in the import utility, where filename validation is missing in apps/server/src/integrations/import/utils/file.utils.ts. This can enable unauth...

9.8CVSS6.5AI score0.00502EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.5 views

PT-2026-3091

Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature ZipSlip. In apps/server/src/integrations/import/utils/file.utils.ts, there are no validation on filename. This vulnerability ...

7.1CVSS6.9AI score0.00502EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.6 views

Docmost security vulnerabilities

Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.24.0 contained security vulnerabilities. These vulnerabilities stemmed from the ZIP import function’s lack of filename validation, which could lead to arbitrary file writin...

9.8CVSS5.9AI score0.00502EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25706

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00265EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:20 p.m.6 views

CVE-2025-55574

Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code...

6.1CVSS6.9AI score0.00265EPSS
Exploits0References1
NVD
NVD
added 2025/08/25 4:15 p.m.5 views

CVE-2025-55574

Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code...

6.1CVSS0.00265EPSS
Exploits0References1
OSV
OSV
added 2025/08/25 12:0 a.m.3 views

CVE-2025-55574

Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code...

6.1CVSS7.2AI score0.00265EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/25 12:0 a.m.9 views

CVE-2025-55574

Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code...

0.00265EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/25 12:0 a.m.5 views

Docmost 安全漏洞

Docmost is an open collaboration wiki and documentation software from Docmost Open Source. A security vulnerability exists in Docmost 0.21.0 and earlier versions, which stems from vulnerability to cross-site scripting attacks that could lead to the execution of arbitrary code...

6.1CVSS6.3AI score0.00265EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.5 views

PT-2025-34672 · Docmost · Docmost

Name of the Vulnerable Software and Affected Versions: docmost versions prior to 0.21.0 Description: A Cross Site Scripting issue exists in docmost versions prior to 0.21.0, potentially allowing an attacker to execute arbitrary code. Recommendations: Update to a version newer than 0.21.0...

6.1CVSS6.7AI score0.00265EPSS
Exploits0References3
CVE
CVE
added 2025/08/25 12:0 a.m.21 views

CVE-2025-55574

CVE-2025-55574 affects Docmost software. The identified issue is a Cross-Site Scripting vulnerability in docmost versions prior to 0.21.0 that could allow an attacker to execute arbitrary code. Root cause details are not fully disclosed across all documents, but PT-2025-34672 explicitly states th...

6.1CVSS7.5AI score0.00265EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/25 12:0 a.m.3 views

CVE-2025-55574

Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code...

7AI score0.00265EPSS
Exploits0References1
Rows per page
Query Builder