Konga Project Konga vulnerabilities
2 known vulnerabilities affecting konga_project/konga.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-42192P2HIGHCVSS 8.8PoCv0.14.92022-05-04
CVE-2021-42192 [HIGH] CWE-863 CVE-2021-42192: Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted req
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.
nvd
CVE-2023-26987P3MEDIUMCVSS 6.5v0.14.92023-05-01
CVE-2023-26987 [MEDIUM] CVE-2023-26987: An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless o
An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.
nvd