← Back

Konga Project

konga_project

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Konga
konga
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-26987
1Konga Project
1Konga
Jan 30, 2025
May 1, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.
CVE-2021-42192
1Konga Project
1Konga
Nov 21, 2024
May 4, 2022
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.