Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
ApacheAnswer*

14 matches found

CVE
CVEadded 2024/02/22 9:51 a.m.3853 views

CVE-2024-22393

The CVE-2024-22393 issue affects Apache Answer up to version 1.2.1 and enables a pixel-flood DoS by uploading large image files. A logged-in user can trigger memory exhaustion, leading to a server DoS. Remediation is to upgrade to version 1.2.5 (or later). Multiple sources (NVD, Red Hat, CNVD, Ve...

9.1CVSS9.2AI score0.0248EPSS
CVE
CVEadded 2024/04/21 4:4 p.m.70 views

CVE-2024-29217

CVE-2024-29217 concerns the Apache Answer project, with an XSS vulnerability caused by improper neutralization of input during web page generation. The issue affects Apache Answer prior to version 1.3.0 and can be triggered when a logged-in user edits their personal website, allowing injection of...

4.6CVSS4.7AI score0.00966EPSS
CVE
CVEadded 2024/08/09 2:53 p.m.70 views

CVE-2024-41890

CVE-2024-41890 affects Apache Answer up to version 1.3.5. The root issue is Missing Release of Resource after Effective Lifetime: password reset links issued in succession can remain valid during the link’s validity period, enabling potential misuse or hijacking of a previously issued link. A fix...

5.3CVSS6.7AI score0.01149EPSS
CVE
CVEadded 2024/11/22 2:36 p.m.67 views

CVE-2024-45719

CVE-2024-45719 concerns Apache Answer with an Inadequate Encryption Strength vulnerability affecting versions up to 1.4.0. The issue is that IDs generated using UUID v1 can be predictable, reducing token security. The recommended fix is upgrade to version 1.4.1, which closes the flaw. Connected s...

2.6CVSS3.7AI score0.00229EPSS
CVE
CVEadded 2024/08/09 2:55 p.m.60 views

CVE-2024-41888

The CVE-2024-41888 issue affects Apache Answer through version 1.3.5, where the password-reset link remains valid after use (not single-use), allowing potential misuse or hijacking. The impact is limited to authentication flow abuse as described; affected components are the password reset mechani...

5.3CVSS6.7AI score0.01222EPSS
CVE
CVEadded 2024/01/10 8:25 a.m.58 views

CVE-2023-49619

CVE-2023-49619 concerns Apache Answer. A race condition arises from concurrent submissions that manipulate the bookmark/collection count for a question, allowing repeated submissions (e.g., via a script) to increase the number of collections beyond normal limits. Affected versions are Apache Answ...

3.1CVSS4.1AI score0.00891EPSS
CVE
CVEadded 2026/06/09 7:34 a.m.35 views

CVE-2026-33582

The CVE-2026-33582 issue affects Apache Answer up to version 2.0.0, where a crafted TIFF image can trigger excessive memory allocation during decoding, allowing an authenticated user to crash the server process. Upgrade to version 2.0.1 to fix the issue. The reported CVSS vector indicates MEDIUM ...

6.5CVSS5.4AI score0.00479EPSS
CVE
CVEadded 2026/06/09 7:34 a.m.28 views

CVE-2026-34031

CVE-2026-34031 concerns Apache Answer up to version 2.0.0, where the server fails to validate user-supplied image URLs used for profile avatars. This allows embedding arbitrary external content as avatars, potentially enabling unintended external requests and tracking by third-party servers. A fi...

6.5CVSS5.5AI score0.00403EPSS
CVE
CVEadded 2026/06/10 2:57 p.m.27 views

CVE-2026-25700

CVE-2026-25700 relates to Apache Answer prior to version 2.0.1, where administrative tokens issued before an admin account was suspended, deleted, or deactivated were not invalidated. This allowed continued access to administrative APIs until those tokens expired. Affected product: Apache Answer ...

7.2CVSS5.4AI score0.00448EPSS
CVE
CVEadded 2026/06/09 7:35 a.m.27 views

CVE-2026-34905

CVE-2026-34905 affects Apache Answer up to version 2.0.0. The issue arises from the unlisted question feature not enforcing access restrictions on direct API endpoints, permitting authenticated users to discover and access unlisted questions, their answers, comments, and revision history. Upgrade...

6.5CVSS5.4AI score0.00325EPSS
CVE
CVEadded 2026/06/09 7:32 a.m.24 views

CVE-2026-25688

CVE-2026-25688 describes an XSS vulnerability in Apache Answer. The issue is an improper neutralization of alternate XSS syntax in AI-generated responses rendered in the browser, affecting Apache Answer up to version 2.0.0. Affected behavior allows execution of malicious scripts when content is v...

6.1CVSS5.3AI score0.00406EPSS
CVE
CVEadded 2026/06/09 7:33 a.m.23 views

CVE-2026-25699

CVE-2026-25699 applies to Apache Answer up to version 2.0.0, where timeline-related APIs lacked proper authorization checks. This could allow regular authenticated users to access deleted, private, or unapproved content and its revision history. The issue is addressed by upgrading to version 2.0....

6.1CVSS5.4AI score0.00406EPSS
CVE
CVEadded 2026/06/09 7:35 a.m.23 views

CVE-2026-34033

CVE-2026-34033 affects Apache Answer up to version 2.0.0. The issue is an HTML content injection (basic XSS) where user-supplied content included in notification emails was not properly escaped, allowing authenticated users to inject arbitrary HTML into emails sent to other users. The CVSS vector...

5.4CVSS5.5AI score0.0035EPSS
CVE
CVEadded 2026/02/04 10:41 a.m.22 views

CVE-2026-24735

CVE-2026-24735 affects Apache Answer up to version 1.7.1. An unauthenticated API endpoint exposes the full revision history for deleted content, enabling unauthorized retrieval of restricted or sensitive information. Remediation: upgrade to version 2.0.0 (or later) where the issue is fixed. The a...

7.5CVSS5.3AI score0.00619EPSS