CVE-2026-33640
- EPSS 0.05%
- Published 26.03.2026 20:56:37
- Last modified 31.03.2026 01:42:34
Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to version 1.6.0, Outline does not invalidate OTP co...
CVE-2026-28506
- EPSS 0.03%
- Published 17.03.2026 15:30:24
- Last modified 19.03.2026 19:32:27
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity...
CVE-2026-24901
- EPSS 0.04%
- Published 17.03.2026 15:28:28
- Last modified 19.03.2026 19:32:41
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership o...
CVE-2025-68663
- EPSS 0.07%
- Published 11.02.2026 20:29:40
- Last modified 20.02.2026 18:14:25
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and conti...
CVE-2025-64487
- EPSS 0.01%
- Published 11.02.2026 20:25:41
- Last modified 20.02.2026 18:17:53
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership managem...
CVE-2026-25062
- EPSS 0.04%
- Published 11.02.2026 20:23:07
- Last modified 20.02.2026 18:10:18
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments[].key from the imported JSON is passed directly to path.join(rootPath, node.key) and then read using fs.readFil...
CVE-2023-54331
- EPSS 0.01%
- Published 13.01.2026 22:52:06
- Last modified 02.02.2026 16:16:17
Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to injec...
CVE-2025-58351
- EPSS 0.04%
- Published 03.09.2025 03:20:54
- Last modified 20.10.2025 18:46:57
Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature which facilitates local file system storage capabilities as an optional file storage strategy. This feature allowed a CS...
CVE-2024-40626
- EPSS 0.18%
- Published 16.07.2024 17:15:11
- Last modified 10.10.2025 15:30:01
Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror’s rendering process that leads to a Stored Cross-Site Scripting (XSS) vulnerability in Outline. An authenticated user can create a document cont...
CVE-2024-37829
- EPSS 0.27%
- Published 09.07.2024 21:15:14
- Last modified 10.10.2025 16:41:10
An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user interaction with a crafted magic sign-in link.