
Idno Known vulnerabilities

7 known vulnerabilities affecting idno/known.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 3

Vulnerabilities

CVE-2026-26273 | P2 | CRITICAL | CVSS 9.8 | fixed in 1.6.3 | 2026-02-13
CVE-2026-26273 [CRITICAL] CWE-200: Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the
Sources: GHSA, NVD, OSV
CVE-2026-28508 | P2 | CRITICAL | affected ≥ 0, < 1.6.4 | 2026-03-02
CVE-2026-28508 [CRITICAL] CWE-918: Idno Vulnerable to Unauthenticated SSRF via URL Unfurl Endpoint. Summary: A logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoint itself, this allows an attacker to force the server to make arbitrary outbound HTTP reque
Sources: GHSA, OSV
CVE-2026-28507 | P3 | HIGH | affected ≥ 0, < 1.6.4 | 2026-03-02
CVE-2026-28507 [HIGH] CWE-78: Idno Vulnerable to Remote Code Execution via Chained Import File Write and Template Path Traversal. Affected Versions: Tested on current `dev` branch (build fingerprint `505[...]7bd86`). CVSS v4 Score: 8.6 ([CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/S
Sources: GHSA, OSV
CVE-2022-33011 | P3 | HIGH | affected ≥ 0, ≤ 1.3.1 | 2022-07-09
CVE-2022-33011 [HIGH] CWE-74: Known vulnerable to account takeover via host header injection attack in v1.3.1. Known v1.3.1 was discovered to allow attackers to perform an account takeover via a host header injection attack. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is c
Sources: GHSA, OSV
CVE-2022-32115 | P4 | MEDIUM | affected ≥ 0, ≤ 1.3.1 | 2022-07-09
CVE-2022-32115 [MEDIUM] CWE-79: Known vulnerable to code execution via SVG file in v1.3.1. An issue in the isSVG() function of Known v1.3.1 allows attackers to execute arbitrary code via a crafted SVG file. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the `dev` branch of the idno
Sources: GHSA, OSV
CVE-2022-31290 | P4 | MEDIUM | affected ≥ 0, ≤ 1.3.1 | 2022-07-09
CVE-2022-31290 [MEDIUM] CWE-79: Known v1.3.1 Cross-site Scripting. A cross-site scripting (XSS) vulnerability in Known v1.3.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on
Sources: GHSA, OSV
CVE-2022-30852 | P4 | MEDIUM | affected ≥ 0, ≤ 1.3.1 | 2022-07-09
CVE-2022-30852 [MEDIUM] CWE-639: Known v1.3.1 contains Insecure Direct Object Reference. Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the `dev` branch of the idno/known repository.
Sources: GHSA, OSV