Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/30 10:11 p.m.3 views

CVE-2026-25156

HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. The intended behavior was for only text/plain, application/pdf,...

7.3CVSS5.8AI score0.00227EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/30 10:11 p.m.19 views

CVE-2026-25156 HotCRP vulnerable to stored XSS via comment attachments

HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. The intended behavior was for only text/plain, application/pdf,...

7.3CVSS0.00227EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.8 views

PT-2026-5496

Name of the Vulnerable Software and Affected Versions HotCRP versions October 2025 through January 2026 Description HotCRP is conference review software. Versions between October 2025 and January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in...

7.3CVSS5.8AI score0.00227EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/01/20 6:18 p.m.6 views

CVE-2026-23836

HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2...

9.9CVSS6AI score0.00392EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/19 6:8 p.m.26 views

CVE-2026-23878 HotCRP vulnerable to exposure of submitted documents

HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents PDFs, attachments associated...

6.5CVSS0.00257EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-52096

Malicious code in bioql PyPI...

6.1CVSS4.2AI score0.00511EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 12:20 a.m.4 views

CVE-2022-4819

A vulnerability was found in HotCRP. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is d4ffdb0ef806453c54ddca7fdda3e5c60356285c. It is recommended to...

6.1CVSS6.2AI score0.00511EPSS
Exploits0
Rows per page
Query Builder