Browse all 4 CVE security advisories affecting s9y. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39971 | Serendipity: Host Header Injection leads to SMTP header injection via unvalidated HTTP_HOST — SerendipityCWE-113 | 7.2 | High | 2026-04-14 |
| CVE-2026-39963 | Serendipity: Host Header Injection enables authentication cookie scoping to an attacker-controlled domain — SerendipityCWE-565 | 6.9 | Medium | 2026-04-14 |
| CVE-2023-53933 | Serendipity 2.4.0 Authenticated Remote Code Execution via File Upload — SerendipityCWE-434 | 8.8 | High | 2025-12-17 |
| CVE-2023-53932 | Serendipity 2.4.0 Stored Cross-Site Scripting via Admin Entry Creation — SerendipityCWE-79 | 5.4 | Medium | 2025-12-17 |
This page lists every published CVE security advisory associated with s9y. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.