Browse all 7 CVE security advisories affecting xyproto. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-48126 | Algernon: Host header path traversal in --domain mode reads files and runs Lua from parent dir — algernon, CWE-22 | 8.2 | High | 2026-05-26 |
| CVE-2026-46431 | Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: * — algernon, CWE-942 | 4.3 | Medium | 2026-05-26 |
| CVE-2026-46430 | Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS — algernon, CWE-668 | 4.3 | Medium | 2026-05-26 |
| CVE-2026-45728 | Algernon: Single-file mode unconditionally enables debug mode — algernon, CWE-209 | 7.5 | High | 2026-05-26 |
| CVE-2026-45721 | Algernon: handler.lua discovery walks parent directories above the server root — algernon, CWE-20 | 9.0 | Critical | 2026-05-26 |
| CVE-2026-43981 | Algernon: Race Condition in handle() shared LState — algernon, CWE-362 | - | - | 2026-05-26 |
| CVE-2026-43982 | Algernon: Path traversal file write via savein() — algernon, CWE-22 | - | - | 2026-05-26 |

This page lists every published CVE security advisory associated with xyproto. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.