Browse all 9 CVE security advisories affecting humhub. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-29048 | HumHub: XSS in Button component — humhubCWE-79 | 5.4 | - | 2026-03-06 |
| CVE-2026-29052 | HumHub Calendar Module: Stored XSS in Event Types — calendarCWE-79 | 5.4 | - | 2026-03-05 |
| CVE-2025-65963 | CFiles Unauthorized Folder/ZIP Access in Public Spaces — cfilesCWE-284 | 5.4 | Medium | 2025-11-25 |
| CVE-2025-64442 | HumHub is vulnerable to XSS through its Meta Search component — humhubCWE-79 | 6.1 | - | 2025-11-07 |
| CVE-2025-54790 | Files: Potential for SQL Injection through File Browse and List Operations — cfilesCWE-89 | 6.5 | - | 2025-08-01 |
| CVE-2025-54789 | Files is Vulnerable to Reflected Self-XSS through its File Move Functionality — cfilesCWE-80 | 5.4 | - | 2025-08-01 |
| CVE-2022-31133 | Cross site scripting in HumHub — humhubCWE-79 | 5.9 | Medium | 2022-07-07 |
| CVE-2022-24865 | Improper access control in humhub — humhubCWE-200 | 6.5 | Medium | 2022-04-20 |
| CVE-2021-43847 | Authorization Bypass in Space Invite in HumHub — humhubCWE-285 | 6.5 | Medium | 2021-12-20 |
This page lists every published CVE security advisory associated with humhub. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.