Vulnerabilities (CVE)

Filtered by vendor Konga Project Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-26987 1 Konga Project 1 Konga 2024-11-21 N/A 6.5 MEDIUM
An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.
CVE-2021-42192 1 Konga Project 1 Konga 2024-11-21 9.0 HIGH 8.8 HIGH
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.