VYPR
Vendor

Xmind

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2014-2680HigJan 21, 2020
    risk 0.53cvss 8.1epss 0.02

    The update process in Xmind 3.4.1 and earlier allow remote attackers to execute arbitrary code via a man-in-the-middle attack.

  • CVE-2026-0777HigFeb 20, 2026
    risk 0.51cvss 7.8epss 0.00

    Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in that the target must visit a…

  • CVE-2021-47844MedJan 16, 2026
    risk 0.40cvss 6.1epss 0.00

    Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, enabling remote code…