Vulnerabilities > Etherpad > High

DATE CVE VULNERABILITY TITLE RISK
2021-12-09 CVE-2021-43802 Unspecified vulnerability in Etherpad
Etherpad is a real-time collaborative editor.
network | low complexity | etherpad | 8.8

2021-07-21 CVE-2021-34816 Argument Injection or Modification vulnerability in Etherpad 1.8.13
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.
network | low complexity | etherpad | CWE-88 | 7.2

2021-04-28 CVE-2020-22784 Incorrect Comparison vulnerability in Etherpad Ueberdb
In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names.
network | low complexity | etherpad | CWE-697 | 7.5

2021-04-28 CVE-2020-22782 Unspecified vulnerability in Etherpad
Etherpad < 1.8.3 is affected by a denial of service in the import functionality.
network | low complexity | etherpad | 7.5

2021-04-28 CVE-2020-22785 Allocation of Resources Without Limits or Throttling vulnerability in Etherpad
Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service.
network | low complexity | etherpad | CWE-770 | 7.5

2021-04-28 CVE-2020-22781 SQL Injection vulnerability in Etherpad
In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance).
network | low complexity | etherpad | CWE-89 | 7.5

2020-02-13 CVE-2015-3309 Path Traversal vulnerability in Etherpad
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a ..
network | low complexity | etherpad | CWE-22 | 7.5

2018-04-07 CVE-2018-9327 Improper Input Validation vulnerability in Etherpad
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server.
network | high complexity | etherpad | CWE-20 | 8.1

2018-04-07 CVE-2018-9325 Information Exposure vulnerability in Etherpad
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names.
network | low complexity | etherpad | CWE-200 | 7.5

2018-01-12 CVE-2015-2298 Information Exposure vulnerability in Etherpad 1.5.0/1.5.1
node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.
network | low complexity | etherpad | CWE-200 | 7.5