withknown CVE Vulnerabilities & Metrics

Focus on withknown vulnerabilities and metrics.

Last updated: 08 Mar 2026, 23:25 UTC

About withknown Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with withknown. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total withknown CVEs: 5
Earliest CVE date: 08 Jul 2022, 12:15 UTC
Latest CVE date: 13 Feb 2026, 22:16 UTC

Latest CVE reference: CVE-2026-26273

Rolling Stats

30-day Count (Rolling): 1
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical withknown CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.72

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	3
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS withknown CVEs

These are the five CVEs with the highest CVSS scores for withknown, sorted by severity first and recency.

CVE-2022-33011 withknown Published on 08 Jul 2022, 12:15 UTC (CVSS: 6.8)
Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack.
CVE-2022-32115 withknown Published on 08 Jul 2022, 12:15 UTC (CVSS: 4.3)
An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file.
CVE-2022-30852 withknown Published on 08 Jul 2022, 12:15 UTC (CVSS: 4.0)
Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR).
CVE-2022-31290 withknown Published on 08 Jul 2022, 12:15 UTC (CVSS: 3.5)
A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field.
CVE-2026-26273 withknown Published on 13 Feb 2026, 22:16 UTC (CVSS: 0)
Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the user's email, leading to full Account Takeover ...

All CVEs for withknown

CVE-2026-26273 withknown vulnerability CVSS: 0 13 Feb 2026, 22:16 UTC

Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the user's email, leading to full Account Takeover (ATO) without requiring access to the victim's email inbox. This vulnerability is fixed in 1.6.3.

CVE-2022-33011 withknown vulnerability CVSS: 6.8 08 Jul 2022, 12:15 UTC

Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack.

CVE-2022-32115 withknown vulnerability CVSS: 4.3 08 Jul 2022, 12:15 UTC

An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file.

CVE-2022-31290 withknown vulnerability CVSS: 3.5 08 Jul 2022, 12:15 UTC

A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field.

CVE-2022-30852 withknown vulnerability CVSS: 4.0 08 Jul 2022, 12:15 UTC

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR).