CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/01/30 10:11 p.m.•16 views

CVE-2026-25156 HotCRP vulnerable to stored XSS via comment attachments

7.3CVSS0.0006EPSS

OSV•added 2026/01/30 10:11 p.m.•3 views

CVE-2026-25156 HotCRP vulnerable to stored XSS via comment attachments

ATTACKERKB•added 2026/01/30 10:11 p.m.•3 views

Exploits0References6

CVE-2026-25156

Vulnrichment•added 2026/01/30 10:11 p.m.•2 views

Exploits0References5

CVE-2026-25156 HotCRP vulnerable to stored XSS via comment attachments

7.3CVSS5.2AI score0.0006EPSS

EUVD•added 2026/01/30 10:11 p.m.•5 views

EUVD-2026-5000

CVE•added 2026/01/30 10:11 p.m.•5 views

CVE-2026-25156

HotCRP (versions 2025-10 to 2026-01) delivered inline content for all document types due to Content-Disposition handling, allowing HTML/SVG to render in the browser with HotCRP credentials and potential API access. Root cause: a commit introduced this behavior; it affected development versions an...

Exploits0References4Affected Software1

Positive Technologies•added 2026/01/30 12:0 a.m.•3 views

PT-2026-5496

Name of the Vulnerable Software and Affected Versions HotCRP versions October 2025 through January 2026 Description HotCRP is conference review software. Versions between October 2025 and January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in...

CNNVD•added 2026/01/30 12:0 a.m.•1 views

Exploits0References9

HotCRP Conference Review Software Cross-Site Script Vulnerabilities

HotCRP Conference Review Software is a software developed by Eddie Kohler. It is used to manage review processes, especially for academic conferences. The version of HotCRP Conference Review Software dated October 2025 to January 2026 contained a cross-site scripting vulnerability. This...

7.3CVSS5.6AI score0.0006EPSS

Exploits0References5

RedhatCVE•added 2026/01/20 6:18 p.m.•2 views

CVE-2026-23836

HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2...

9.9CVSS6AI score0.00209EPSS

Exploits0References1

RedhatCVE•added 2026/01/20 6:18 p.m.•3 views

CVE-2026-23878

HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents PDFs, attachments associated...

6.5CVSS5.4AI score0.00056EPSS

Exploits0References1

NVD•added 2026/01/19 7:16 p.m.•1 views

CVE-2026-23878

6.5CVSS0.00056EPSS

NVD•added 2026/01/19 6:16 p.m.•2 views

CVE-2026-23836

9.9CVSS0.00209EPSS

CVE•added 2026/01/19 6:8 p.m.•6 views

CVE-2026-23878

HotCRP vulnerability CVE-2026-23878: Affects HotCRP conference review software where, from commit aa20ef288828b04550950cf67c831af8a525f508 to before commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a site could use the document API to download any submissio...

6.5CVSS5.4AI score0.00056EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/01/19 6:8 p.m.•15 views

CVE-2026-23878 HotCRP vulnerable to exposure of submitted documents

6.5CVSS0.00056EPSS

EUVD•added 2026/01/19 6:8 p.m.•3 views

EUVD-2026-3304

6.5CVSS5.4AI score0.00056EPSS