Browse all 8 CVE security advisories affecting docmost. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40927 | Docmost: XSS in Comments with JavaScript URI — docmost (CWE-79) | 5.4 | Medium | 2026-04-21 |
| CVE-2026-34213 | Docmost has cross-page attachment overwrite via flawed attachmentId overwrite validation — docmost (CWE-639) | 5.4 | Medium | 2026-04-14 |
| CVE-2026-34212 | Docmost page content has stored XSS via unsanitized attachment URLs — docmost (CWE-79) | 5.4 | Medium | 2026-04-14 |
| CVE-2026-33193 | Docmost vulnerable to stored XSS via MIME type spoofing — docmost (CWE-79) | 4.6 | Medium | 2026-04-14 |
| CVE-2026-33146 | Docmost's Public Share Search Exposes Metadata of Restricted Children — docmost (CWE-285) | 4.3 | Medium | 2026-04-14 |
| CVE-2026-24045 | Docmost Affected by Stored XSS in Public Share Page — docmost (CWE-79) | 7.3 | High | 2026-02-10 |
| CVE-2026-23630 | Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering — docmost (CWE-79) | 5.4 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2026-22249 | Docmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip) — docmost (CWE-22) | 7.1 | High | 2026-01-15 |

This page lists every published CVE security advisory associated with docmost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.