Every CVE whose affected-product data names Pwndoc Project Pwndoc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2022-45771 — CVSS 8.8 (high): An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a…
CVE-2021-31590 — CVSS 8.8 (high): PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON…
CVE-2024-55602 — CVSS 7.6 (high): PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able…
CVE-2025-23044 — CVSS 6.8 (medium): PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in…
CVE-2024-55653 — CVSS 6.5 (medium): PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by…
CVE-2025-27410 — CVSS 6.5 (medium): PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path…
CVE-2025-27413 — CVSS 6.5 (medium): PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to…
CVE-2022-44023 — CVSS 5.3 (medium): PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for…
CVE-2022-44022 — CVSS 5.3 (medium): PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication…