VYPR

Xmind

by Xmind

CVEs (3)

  • CVE-2014-2680HigJan 21, 2020
    risk 0.53cvss 8.1epss 0.02

    The update process in Xmind 3.4.1 and earlier allow remote attackers to execute arbitrary code via a man-in-the-middle attack.

  • CVE-2026-0777HigFeb 20, 2026
    risk 0.51cvss 7.8epss 0.00

    Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in that the target must visit a…

  • CVE-2021-47844MedJan 16, 2026
    risk 0.40cvss 6.1epss 0.00

    Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, enabling remote code…