Documenso

Source - CNA

CNA CVEs - 2

ADP CVEs - 0

CISA CVEs - 0

NVD CVEs - 0
2 vulnerabilities found

CVE-2026-13543
Assigner-VulDB
CVSS Score-6.3 (MEDIUM)
EPSS-0.36% / 28.39%
7 Day CHG~0.00%
Published-29 Jun, 2026 | 06:30
Updated-29 Jun, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Documenso Google OAuth Login handle-oauth-callback-url.ts improper authentication

A vulnerability was detected in Documenso up to 2.11.0. Affected by this vulnerability is an unknown functionality of the file packages/auth/server/lib/utils/handle-oauth-callback-url.ts of the component Google OAuth Login. The manipulation results in improper authentication. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.

Action-Not Available
Vendor-n/a
Product-Documenso
CWE ID-CWE-287
Improper Authentication
CVE-2024-52271
Assigner-VULSec Labs
CVSS Score-8.2 (HIGH)
EPSS-0.21% / 10.97%
7 Day CHG~0.00%
Published-05 Dec, 2024 | 13:56
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF Document Spoofing in Documenso

User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing. The displayed version does not show the layer-flattened version; once downloaded, if printed (e.g. via Google Chrome -> examine the print preview), it will render the vulnerability only; not all layers are flattened. This issue affects Documenso: through 1.8.0, >1.8.0 and Documenso SaaS (Hosted) as of 2024-12-05.

Action-Not Available
Vendor-Documenso, documenso
Product-Documenso, Documenso SaaS (Hosted), documenso
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information