267 matches found
DokuWiki <= 2025-05-14a Librarian - Reflected Cross-Site Scripting
DokuWiki 2025-05-14a 'Librarian' contains a stored XSS caused by improper sanitization of the 'q' parameter, letting remote attackers execute arbitrary scripts, exploit requires no special privileges. id: CVE-2025-61224 info: name: DokuWiki = 2025-05-14a Librarian - Reflected Cross-Site Scripting...
EUVD-2026-40863
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to execute arbitrary code via the register function in inc/auth.php...
CVE-2026-37106
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration a non-default feature...
UBUNTU-CVE-2026-37106
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration a non-default feature...
PT-2026-54001
Name of the Vulnerable Software and Affected Versions DokuWiki version 2025-05-14b "Librarian" 56.2 Description A remote attacker can execute arbitrary code through the register function in the inc/auth.php file. This issue may also allow the creation of unauthorized accounts via the same functio...
CVE-2026-37106
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration a non-default feature...
CVE-2026-37106
CVE-2026-37106 affects DokuWiki (version 2025-05-14b “Librarian” 56.2) where the register function in inc/auth.php can be abused by a remote attacker to create new user accounts. Some sources additionally indicate potential arbitrary code execution via this path; the vendor notes this may reflect...
Linux Distros Unpatched Vulnerability : CVE-2026-26477
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Dokuwiki v.2025-05-14b Librarian 56.2 allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...
EUVD-2026-18657
An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...
CVE-2026-26477
An issue in Dokuwiki v.2025-05-14b "Librarian" 56.2 allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...
CVE-2026-26477
An issue in Dokuwiki v.2025-05-14b "Librarian" 56.2 allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...
UBUNTU-CVE-2026-26477
An issue in Dokuwiki v.2025-05-14b "Librarian" 56.2 allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...
PT-2026-30048
Name of the Vulnerable Software and Affected Versions Dokuwiki version 2025-05-14b Description A flaw exists in Dokuwiki version 2025-05-14b 'Librarian' that could allow a remote attacker to cause a denial of service. The issue is related to the media upload xhr function within the media.php file...
CVE-2026-26477
An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...
CVE-2026-26477
An issue in Dokuwiki v.2025-05-14b "Librarian" 56.2 allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...
CVE-2026-26477
Summary: CVE-2026-26477 affects Dokuwiki (version 2025-05-14b, Librarian). The vulnerability arises in the media_upload_xhr() function within media.php, enabling a remote attacker to cause a denial of service. Affected component: Dokuwiki media handling, specifically media.php’s media_upload_xhr(...
CVE-2026-26477
An issue in Dokuwiki v.2025-05-14b "Librarian" 56.2 allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...
CVE-2026-26477
An issue in Dokuwiki v.2025-05-14b "Librarian" 56.2 allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...
CVE-2026-0612
The Librarian contains a information leakage vulnerability through the webfetch tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy requests through The Librarian infrastructure. The vendor has fixed the vulnerability in all versions ...
CVE-2026-0615
The Librarian supervisord status page can be retrieved by the webfetch tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions...