VYPR

Ech0

by Lin Snow

Source repositories

CVEs (3)

  • CVE-2026-35036HigApr 6, 2026
    risk 0.42cvss 7.5epss 0.00

    Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link preview (editor fetches a page title) through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is…

  • CVE-2026-35037HigApr 6, 2026
    risk 0.40cvss 7.2epss 0.00

    Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title endpoint accepts an arbitrary URL via the website_url query parameter and makes a server-side HTTP request to it without any validation of the target…

  • CVE-2026-33638MedMar 26, 2026
    risk 0.27cvss 5.3epss 0.00

    Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to version 4.2.0, `GET /api/allusers` is mounted as a public endpoint and returns user records without authentication. This allows remote unauthenticated user enumeration and exposure of…