Known Vulnerabilities for Couch by Couchcms
Listed below are 1 of the newest known vulnerabilities associated with "Couch" by "Couchcms".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-70949 json | An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing... | Not Provided | 2026-03-05 | 2026-03-06 |
| CVE-2025-70948 json | A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset... | Not Provided | 2026-03-05 | 2026-03-06 |
| CVE-2025-15005 json | A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.p... | Not Provided | 2025-12-22 | 2026-02-24 |
| CVE-2018-7662 json | Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php... | 5.3 - MEDIUM | 2018-03-04 | 2018-03-27 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Couchcms | Couch | 2.2 | |||
| Application | Couchcms | Couch | 2.1 | |||
| Application | Couchcms | Couch | 2.0 | |||
| Application | Couchcms | Couch | 1.4.7 | |||
| Application | Couchcms | Couch | 1.4.5 | |||
| Application | Couchcms | Couch | 1.4.5 | |||
| Application | Couchcms | Couch | 1.4.5 | |||
| Application | Couchcms | Couch | 1.4 | |||
| Application | Couchcms | Couch | 1.3.5 |