Kovah — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting Kovah. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Kovah serves as a penetration testing tool primarily used for identifying security vulnerabilities in web applications and network systems. Historically, it has been associated with common vulnerability classes including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The tool has been noted for its extensive exploit capabilities, with 15 CVEs recorded to date. While no major public security incidents have been directly attributed to Kovah, its widespread use in both defensive and offensive security contexts has raised concerns about potential misuse. The tool's comprehensive nature makes it valuable for security professionals but also increases the risk of exploitation by malicious actors if not properly secured.

Top products by Kovah: LinkAce
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40905 | LinkAce: Password Reset Poisoning via X-Forwarded-Host Header Injection Leading to Account Takeover | LinkAce | CWE-601 | 8.1 | High | 2026-04-21 |
| CVE-2026-35516 | LinkAce has SSRF via CheckLinksCommand - Link URL Update Bypasses laravel-html-meta Protection | LinkAce | CWE-918 | 5.0 | Medium | 2026-04-07 |
| CVE-2026-33954 | LinkAce discloses private notes to unauthorized authenticated users via the web link detail page | LinkAce | CWE-285 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-33953 | LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce | LinkAce | CWE-918 | 8.5 | High | 2026-03-27 |
| CVE-2026-30954 | LinkAce has a Cross-User Tag/List Attachment IDOR in processTaxonomy() | LinkAce | CWE-639 | 4.3 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-30953 | LinkAce affected by SSRF via link creation: NoPrivateIpRule not applied to LinkStoreRequest | LinkAce | CWE-918 | 7.7 | High | 2026-03-10 |
| CVE-2026-27458 | LinkAce: Stored XSS in Atom Feed via CDATA Escape in List Description | LinkAce | CWE-80 | 5.4 (AI) | Medium (AI) | 2026-02-21 |
| CVE-2025-62722 | LinkAce: Stored XSS Vulnerability in Link Title Field Through Social Media Sharing Feature | LinkAce | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-11-04 |
| CVE-2025-62721 | LinkAce: Authorization Bypass Allows Unauthorized Access to All Private Links, Lists, and Tags | LinkAce | CWE-200 | 4.3 (AI) | Medium (AI) | 2025-11-04 |
| CVE-2025-62720 | LinkAce: Data Exfiltration via Export Functions Allow Access to All Users' Private Links | LinkAce | CWE-200 | 4.3 (AI) | Medium (AI) | 2025-11-04 |
| CVE-2025-62719 | LinkAce: Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality | LinkAce | CWE-918 | 4.3 (AI) | Medium (AI) | 2025-11-04 |
| CVE-2025-59424 | LinkAce Vulnerable to Stored XSS on the Audit Page | LinkAce | CWE-79 | 7.3 | High | 2025-09-18 |
| CVE-2025-53838 | LinkAce has a Stored One Click XSS vulnerability | LinkAce | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-09-08 |
| CVE-2024-56508 | File Upload Vulnerability Leading to XSS in LinkAce v1.15.5 | LinkAce | CWE-434 | 7.6 | High | 2024-12-27 |
| CVE-2024-56507 | Reflected Cross-Site Scripting (XSS) Vulnerability in LinkAce | LinkAce | CWE-79 | 4.6 | Medium | 2024-12-27 |

This page lists every published CVE security advisory associated with Kovah. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.