Browse all 4 CVE security advisories affecting toeverything. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Toeverything develops a collaborative workspace platform focused on knowledge management and team productivity. Historically, the platform has been vulnerable to multiple remote code execution flaws, cross-site scripting attacks, and privilege escalation issues, as evidenced by its four recorded CVEs. Security researchers have identified authentication bypass weaknesses and insufficient input validation as recurring problems. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities affecting multiple components suggests potential risks for organizations relying on the platform for sensitive data handling. Regular security updates and proper hardening remain critical for mitigating these risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7702 | toeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorization — AFFiNECWE-639 | 5.3 | Medium | 2026-05-03 |
| CVE-2026-25477 | AFFiNE: Open Redirect via Regex Bypass in redirect-proxy — AFFiNECWE-601 | 5.4AI | MediumAI | 2026-03-02 |
| CVE-2026-21853 | AFFiNE: One-click Remote Code Execution through Custom URL Handling — AFFiNECWE-94 | 8.8 | High | 2026-03-02 |
| CVE-2025-11945 | toeverything AFFiNE Avatar Upload Image Endpoint cross site scripting — AFFiNECWE-79 | 3.5 | Low | 2025-10-19 |
This page lists every published CVE security advisory associated with toeverything. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.