Vulmon
etherpad etherpad vulnerabilities and exploits
9
CVSSv2
CVE-2021-43802
Etherpad is a real-time collaborative editor. In versions before 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the malicious user to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad p...
Etherpad Etherpad
7.5
CVSSv2
CVE-2013-7380
The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability
Ep Imageconvert Project Ep Imageconvert
7.5
CVSSv2
CVE-2018-9845
Etherpad Lite prior to 1.6.4 is exploitable for admin access.
Etherpad Etherpad Lite
7.5
CVSSv2
CVE-2018-9326
Etherpad 1.6.3 prior to 1.6.4 allows a malicious user to execute arbitrary code.
Etherpad Etherpad 1.6.3
7.5
CVSSv2
CVE-2018-6835
node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote malicious users to bypass intended access restrictions.
Etherpad Etherpad
2 Github repositories
6.8
CVSSv2
CVE-2018-9327
Etherpad 1.5.x and 1.6.x prior to 1.6.4 allows a malicious user to execute arbitrary code on the server. The instance has to be configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB).
Etherpad Etherpad
6.5
CVSSv2
CVE-2021-34816
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.
Etherpad Etherpad 1.8.13
5
CVSSv2
CVE-2020-22784
In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names.
Etherpad Ueberdb
5
CVSSv2
CVE-2020-22781
In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance).
Etherpad Etherpad
5
CVSSv2
CVE-2020-22782
Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Upload of a binary file to the import endpoint would crash the instance.
Etherpad Etherpad