Browse all 4 CVE security advisories affecting Bubka. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Bubka serves as a network monitoring tool primarily used for real-time traffic analysis and security event detection. Historically, it has been associated with vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure authentication mechanisms. The tool has faced scrutiny for its default configurations exposing sensitive endpoints, with one major incident involving unauthorized access through weak API controls. Bubka's architecture has shown persistent issues with insufficient session management, leading to potential account takeovers. Security researchers have noted its tendency to store credentials in plaintext, amplifying the impact of successful exploitation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32133 | 2FAuth has Blind SSRF in image parameter allows internal network access and more — 2FAuthCWE-918 | 7.1AI | HighAI | 2026-03-11 |
| CVE-2024-52598 | 2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview — 2FAuthCWE-79 | 7.5 | High | 2024-11-20 |
| CVE-2024-52597 | 2FAuth vulnerable to stored cross-site scripting via SVG upload and direct access render — 2FAuthCWE-79 | 6.1 | Medium | 2024-11-20 |
| CVE-2023-36816 | Cross-Site Scripting (XSS) at Account creation in 2FAuth — 2FAuthCWE-79 | 6.1 | Medium | 2023-07-03 |
This page lists every published CVE security advisory associated with Bubka. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.