All 3 CVE vulnerabilities found in initiative, with AI-generated Chinese analysis, references, and POCs.
Vendor: Morelitea
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28276 | Initiative Allows Unauthenticated Access to Uploaded Documents via Public /uploads/ Endpoint CWE-200 | 7.5 | High | 2026-02-26 |
| CVE-2026-28275 | Initiative Vulnerable to Improper Session Invalidation (JWT Remains Valid) CWE-613 | 8.1 | High | 2026-02-26 |
| CVE-2026-28274 | Initiative Vulnerable to Token Theft via Stored XSS in Document Uploads CWE-79 | 8.7 | High | 2026-02-26 |
All 3 known CVE vulnerabilities affecting initiative with full Chinese analysis, references, and POCs where available.