Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by toeverything
CVE-2026-7702 (GCVE-0-2026-7702)
Vulnerability from cvelistv5 – Published: 2026-05-03 15:45 – Updated: 2026-05-04 13:04
VLAI
Title
toeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorization
Summary
A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360871 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360871/cti | signaturepermissions-required |
| https://vuldb.com/submit/804455 | third-party-advisory |
| https://github.com/ngocnn97/security-advisories/b… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| toeverything | AFFiNE |
Affected:
0.26.0
Affected: 0.26.1 Affected: 0.26.2 Affected: 0.26.3 cpe:2.3:a:affine:affine:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7702",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T13:04:48.482904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T13:04:55.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:affine:affine:*:*:*:*:*:*:*:*"
],
"modules": [
"Public Markdown Preview Endpoint"
],
"product": "AFFiNE",
"vendor": "toeverything",
"versions": [
{
"status": "affected",
"version": "0.26.0"
},
{
"status": "affected",
"version": "0.26.1"
},
{
"status": "affected",
"version": "0.26.2"
},
{
"status": "affected",
"version": "0.26.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ngocnn97 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-03T15:45:10.969Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360871 | toeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360871"
},
{
"name": "VDB-360871 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360871/cti"
},
{
"name": "Submit #804455 | AFFiNE AFFiNE (https://github.com/toeverything/AFFiNE) 0.26.3 Authorization Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/804455"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ngocnn97/security-advisories/blob/main/AFFiNE_BAC_PoC.mp4"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-02T22:39:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "toeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7702",
"datePublished": "2026-05-03T15:45:10.969Z",
"dateReserved": "2026-05-02T20:34:33.828Z",
"dateUpdated": "2026-05-04T13:04:55.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25477 (GCVE-0-2026-25477)
Vulnerability from cvelistv5 – Published: 2026-03-02 19:14 – Updated: 2026-03-02 20:30
VLAI
Title
AFFiNE: Open Redirect via Regex Bypass in redirect-proxy
Summary
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to bypass the whitelist by using malicious domains that end with a trusted string. This issue has been patched in version 0.26.0.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/toeverything/AFFiNE/security/a… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| toeverything | AFFiNE |
Affected:
< 0.26.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25477",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T20:29:57.272805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T20:30:32.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AFFiNE",
"vendor": "toeverything",
"versions": [
{
"status": "affected",
"version": "\u003c 0.26.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to bypass the whitelist by using malicious domains that end with a trusted string. This issue has been patched in version 0.26.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T19:14:05.003Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/toeverything/AFFiNE/security/advisories/GHSA-wx9m-v7wq-g289",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/toeverything/AFFiNE/security/advisories/GHSA-wx9m-v7wq-g289"
}
],
"source": {
"advisory": "GHSA-wx9m-v7wq-g289",
"discovery": "UNKNOWN"
},
"title": "AFFiNE: Open Redirect via Regex Bypass in redirect-proxy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25477",
"datePublished": "2026-03-02T19:14:05.003Z",
"dateReserved": "2026-02-02T16:31:35.820Z",
"dateUpdated": "2026-03-02T20:30:32.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21853 (GCVE-0-2026-21853)
Vulnerability from cvelistv5 – Published: 2026-03-02 18:55 – Updated: 2026-03-02 19:19
VLAI
Title
AFFiNE: One-click Remote Code Execution through Custom URL Handling
Summary
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in two common scenarios: 1/ A victim visits a malicious website controlled by the attacker and the website redirect to the URL automatically, or 2/ A victim clicks on a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes AFFiNE custom URL handler, which launches the AFFiNE app and processes the crafted URL. This results in arbitrary code execution on the victim’s machine, without further interaction. This issue has been patched in version 0.25.4.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/toeverything/AFFiNE/security/a… | x_refsource_CONFIRM |
| https://github.com/toeverything/AFFiNE/pull/13864 | x_refsource_MISC |
| https://github.com/toeverything/AFFiNE/commit/c9a… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| toeverything | AFFiNE |
Affected:
< 0.25.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21853",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T19:18:43.190650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T19:19:18.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AFFiNE",
"vendor": "toeverything",
"versions": [
{
"status": "affected",
"version": "\u003c 0.25.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in two common scenarios: 1/ A victim visits a malicious website controlled by the attacker and the website redirect to the URL automatically, or 2/ A victim clicks on a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes AFFiNE custom URL handler, which launches the AFFiNE app and processes the crafted URL. This results in arbitrary code execution on the victim\u2019s machine, without further interaction. This issue has been patched in version 0.25.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T18:55:04.978Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/toeverything/AFFiNE/security/advisories/GHSA-67vm-2mcj-8965",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/toeverything/AFFiNE/security/advisories/GHSA-67vm-2mcj-8965"
},
{
"name": "https://github.com/toeverything/AFFiNE/pull/13864",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/toeverything/AFFiNE/pull/13864"
},
{
"name": "https://github.com/toeverything/AFFiNE/commit/c9a4129a3e9376b688c18e1dcd6c87a775caac80",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/toeverything/AFFiNE/commit/c9a4129a3e9376b688c18e1dcd6c87a775caac80"
}
],
"source": {
"advisory": "GHSA-67vm-2mcj-8965",
"discovery": "UNKNOWN"
},
"title": "AFFiNE: One-click Remote Code Execution through Custom URL Handling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21853",
"datePublished": "2026-03-02T18:55:04.978Z",
"dateReserved": "2026-01-05T16:44:16.366Z",
"dateUpdated": "2026-03-02T19:19:18.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11945 (GCVE-0-2025-11945)
Vulnerability from cvelistv5 – Published: 2025-10-19 21:02 – Updated: 2025-10-22 20:35
VLAI
Title
toeverything AFFiNE Avatar Upload Image Endpoint cross site scripting
Summary
A vulnerability was identified in toeverything AFFiNE up to 0.24.1. This vulnerability affects unknown code of the component Avatar Upload Image Endpoint. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.329025 | vdb-entry |
| https://vuldb.com/?ctiid.329025 | signaturepermissions-required |
| https://vuldb.com/?submit.670888 | third-party-advisory |
| https://drive.google.com/file/d/1L6gX0GY8cE9rS6o5… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| toeverything | AFFiNE |
Affected:
0.24.0
Affected: 0.24.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11945",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T16:46:40.858973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T20:35:41.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Avatar Upload Image Endpoint"
],
"product": "AFFiNE",
"vendor": "toeverything",
"versions": [
{
"status": "affected",
"version": "0.24.0"
},
{
"status": "affected",
"version": "0.24.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "HAMZAOUI Mohamed (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in toeverything AFFiNE up to 0.24.1. This vulnerability affects unknown code of the component Avatar Upload Image Endpoint. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in toeverything AFFiNE up to 0.24.1 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Komponente Avatar Upload Image Endpoint. Die Manipulation f\u00fchrt zu cross site scripting. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-19T21:02:06.115Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329025 | toeverything AFFiNE Avatar Upload Image Endpoint cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.329025"
},
{
"name": "VDB-329025 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329025"
},
{
"name": "Submit #670888 | toeverything AFFiNE 0.24.1 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.670888"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1L6gX0GY8cE9rS6o50oJzuMRPVMerFQNS"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-19T05:04:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "toeverything AFFiNE Avatar Upload Image Endpoint cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11945",
"datePublished": "2025-10-19T21:02:06.115Z",
"dateReserved": "2025-10-19T02:58:55.406Z",
"dateUpdated": "2025-10-22T20:35:41.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}