CVE-2026-25156
- EPSS 0.04%
- Veröffentlicht 30.01.2026 22:11:35
- Zuletzt bearbeitet 19.02.2026 15:10:01
HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. (The intended beh...
CVE-2026-23878
- EPSS 0.04%
- Veröffentlicht 19.01.2026 18:08:41
- Zuletzt bearbeitet 05.02.2026 18:39:14
HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to downlo...
CVE-2026-23836
- EPSS 0.14%
- Veröffentlicht 19.01.2026 18:06:04
- Zuletzt bearbeitet 18.02.2026 16:01:00
HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in re...
CVE-2022-4819
- EPSS 0.31%
- Veröffentlicht 28.12.2022 21:15:10
- Zuletzt bearbeitet 21.11.2024 07:36:00
A vulnerability was found in HotCRP. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is d4ffdb0ef806453...