7 matches found
CVE-2026-25156
HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. The intended behavior was for only text/plain, application/pdf,...
CVE-2026-25156 HotCRP vulnerable to stored XSS via comment attachments
HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. The intended behavior was for only text/plain, application/pdf,...
PT-2026-5496
Name of the Vulnerable Software and Affected Versions HotCRP versions October 2025 through January 2026 Description HotCRP is conference review software. Versions between October 2025 and January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in...
CVE-2026-23836
HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2...
CVE-2026-23878 HotCRP vulnerable to exposure of submitted documents
HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents PDFs, attachments associated...
EUVD-2022-52096
Malicious code in bioql PyPI...
CVE-2022-4819
A vulnerability was found in HotCRP. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is d4ffdb0ef806453c54ddca7fdda3e5c60356285c. It is recommended to...