CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/02/06 7:23 p.m.•2 views

EUVD-2026-5588

4.3CVSS5.3AI score0.00043EPSS

Cvelist•added 2026/02/06 7:23 p.m.•19 views

CVE-2026-25642 HedgeDoc security headers for uploaded files were not working

4.3CVSS0.00043EPSS

Vulnrichment•added 2026/02/06 7:23 p.m.•3 views

CVE-2026-25642 HedgeDoc security headers for uploaded files were not working

CVE•added 2026/02/06 7:23 p.m.•7 views

CVE-2026-25642

CVE-2026-25642 affects HedgeDoc; prior to version 1.10.6, the security policy for files served under /uploads/ was insufficient, resulting in a too open Content-Security-Policy and enabling hosting of malicious interactive content (e.g., fake login forms) via SVG files. The issue is fixed in 1.10...

6.1CVSS5.4AI score0.00043EPSS

Exploits0References4Affected Software1

OSV•added 2026/02/06 7:23 p.m.•3 views

CVE-2026-25642 HedgeDoc security headers for uploaded files were not working

ATTACKERKB•added 2026/02/06 7:23 p.m.•2 views

Exploits0References6

CVE-2026-25642

Exploits0References5Affected Software1

Positive Technologies•added 2026/02/06 12:0 a.m.•1 views

PT-2026-6783

Name of the Vulnerable Software and Affected Versions HedgeDoc versions prior to 1.10.6 Description HedgeDoc is a real-time, collaborative, markdown notes application. Versions before 1.10.6 had a permissive Content-Security-Policy for files served under the /uploads/ endpoint. This allowed for t...

CNNVD•added 2026/02/06 12:0 a.m.•2 views

Exploits0References9

HedgeDoc 跨站脚本漏洞

HedgeDoc is a JavaScript-based platform for real-time editing and sharing of Markdown documents. Versions of HedgeDoc prior to 1.10.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of stricter security policies applied to files located in the /uploads/...

6.1CVSS5.7AI score0.00043EPSS

RedhatCVE•added 2025/12/06 10:52 p.m.•6 views

CVE-2025-66629

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the respon...

4.3CVSS6.8AI score0.00015EPSS

Exploits0References1

NVD•added 2025/12/05 11:15 p.m.•2 views

CVE-2025-66629

4.3CVSS0.00015EPSS

Cvelist•added 2025/12/05 10:47 p.m.•17 views

CVE-2025-66629 HedgeDoc is missing state parameter in OAuth2 flows could lead to CSRF

3.7CVSS0.00015EPSS

EUVD•added 2025/12/05 10:47 p.m.•1 views

EUVD-2025-201504

3.7CVSS6.3AI score0.00015EPSS

CVE•added 2025/12/05 10:47 p.m.•10 views

CVE-2025-66629

HedgeDoc versions prior to 1.10.4 are affected by missing CSRF protection in OAuth2 endpoints for social logins (Google, GitHub, GitLab, Facebook, Dropbox) due to not sending/verifying a state parameter. This could allow attackers to hijack user authentication sessions. The issue is fixed in 1.10...

4.3CVSS6.4AI score0.00015EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/12/05 10:47 p.m.•2 views

CVE-2025-66629 HedgeDoc is missing state parameter in OAuth2 flows could lead to CSRF

3.7CVSS6.4AI score0.00015EPSS

OSV•added 2025/12/05 10:47 p.m.•2 views

CVE-2025-66629 HedgeDoc is missing state parameter in OAuth2 flows could lead to CSRF

3.7CVSS6.7AI score0.00015EPSS