All 3 CVE vulnerabilities found in papra, with AI-generated Chinese analysis, references, and POCs.
Vendor: papra-hq
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35462 | Papra Does Not Reject Expired API Keys CWE-613 | 4.3 | Medium | 2026-04-07 |
| CVE-2026-35461 | Papra has a Blind Server-Side Request Forgery (SSRF) via Webhook URL CWE-918 | 5.0 | Medium | 2026-04-07 |
| CVE-2026-35460 | Papra has an HTML Injection in Transactional Emails via Unescaped User Display Name CWE-80 | 4.3 | Medium | 2026-04-07 |
All 3 known CVE vulnerabilities affecting papra with full Chinese analysis, references, and POCs where available.