Pwndoc_project Pwndoc

9 CVEs affecting Pwndoc_project Pwndoc. Latest disclosed: 2025-02-28. Critical: 0, High: 3.

Top CVEs affecting Pwndoc_project Pwndoc
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-45771 | High | 8.8 | 2022-12-05 | An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. |
| CVE-2021-31590 | High | 8.8 | 2021-07-19 | PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used… |
| CVE-2024-55602 | High | 7.6 | 2024-12-10 | PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and downlo… |
| CVE-2025-23044 | Medium | 6.8 | 2025-01-20 | PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This in… |
| CVE-2025-27413 | Medium | 6.5 | 2025-02-28 | PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into th… |
| CVE-2025-27410 | Medium | 6.5 | 2025-02-28 | PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's… |
| CVE-2024-55653 | Medium | 6.5 | 2024-12-10 | PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising a `Unhandle… |
| CVE-2022-44023 | Medium | 5.3 | 2022-10-30 | PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. |
| CVE-2022-44022 | Medium | 5.3 | 2022-10-30 | PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts. |