Every CVE whose affected-product data names Hotcrp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2026-23836 — CVSS 9.9 (critical): HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for…
CVE-2026-25156 — CVSS 7.3 (high): HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline…
CVE-2026-23878 — CVSS 6.5 (medium): HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit…
CVE-2022-4819 — CVSS 2.4 (low): A vulnerability was found in HotCRP. It has been rated as problematic. Affected by this issue is some unknown functionality. The…