Senkas Kolibri vulnerabilities
3 known vulnerabilities affecting senkas/kolibri.
Total CVEs: 3
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2014-4158 | P2 | HIGH | CVSS 7.5 | PoC | v2.0 | 2014-06-13 | CWE-119
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request.
nvd
CVE-2010-5301 | P3 | HIGH | CVSS 7.5 | PoC | v2.0 | 2014-06-13 | CWE-119
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request.
nvd
CVE-2026-48053 | MEDIUM | ≥ 0, < 0.19.4 | 2026-06-11 | CWE-918
Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset
## Summary
Several Kolibri API endpoints accept an unvalidated `baseurl` parameter and fetch attacker-controlled URLs from the Kolibri server, reflecting the response body back to the caller. The original report identified two endpoints on the `RemoteFacilityUser*` viewsets; remedi
ghsa