All 2 CVE vulnerabilities found in core-bundle-dev-app, with AI-generated Chinese analysis, references, and POCs.
Vendor: roadiz
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-42206 | Roadiz OpenID Connect nonce generated but never validated — ID token replay attack CWE-345 | 7.5AI | HighAI | 2026-05-08 |
| CVE-2026-33486 | Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents CWE-918 | 6.8 | Medium | 2026-03-26 |
All 2 known CVE vulnerabilities affecting core-bundle-dev-app with full Chinese analysis, references, and POCs where available.