Vendor Products CVEs KEV Avg EPSS Worst Severity 1 4 0 24.6% HIGH
CVE ID Description Severity CVSS KEV EPSS Published CVE-2026-29828 DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/<id> page via the input field projectDesc. MEDIUM 6.1 — 5.0% Mar 20, 2026 CVE-2025-55455 DooTask v1.0.51 was dicovered to contain an authenticated arbitrary download vulnerability via the component /msg/sendtext. LOW 3.5 — 17.1% Aug 22, 2025 CVE-2025-55454 An authenticated arbitrary file upload vulnerability in the component /msg/sendfiles of DooTask v1.0.51 allows attackers to execute arbitrary code via uploading a crafted file. HIGH 8.8 — 44.7% Aug 22, 2025 CVE-2024-34906 An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file. MEDIUM 5.4 — 31.6% May 15, 2024