Cryptpad
Sign in to watchby Xwiki
Source repositories
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-51846 | Hig | 0.42 | 7.5 | 0.01 | Apr 30, 2026 | CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2. | |
| CVE-2017-1000051 | Med | 0.40 | 6.1 | 0.00 | Jul 17, 2017 | Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content |