Browse all 3 CVE security advisories affecting akirk. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Akirk primarily develops enterprise software solutions with a focus on web applications and API integrations. Historically, vulnerabilities associated with this entity include remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and authentication flaws. Security assessments reveal consistent patterns in insecure direct object references and misconfigured access controls. While no major public incidents have been documented, the three CVEs on record highlight persistent issues in parameter handling and session management. The codebase typically exhibits moderate security hygiene with occasional lapses in sanitization and boundary checks, requiring ongoing remediation efforts to maintain secure deployment practices.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-7504 | Friends 3.5.1 - Authenticated (Subscriber+) PHP Object Injection | Friends | CWE-502 | 7.5 | High | 2025-07-12 |
| CVE-2024-12028 | Friends <= 3.2.1 - Missing Authorization | Friends | CWE-862 | 5.3 | Medium | 2024-12-06 |
| CVE-2024-1978 | Friends <= 2.8.5 - Authenticated (Admin+) Blind Server-Side Request Forgery | Friends | CWE-918 | 5.5 | Medium | 2024-02-29 |
This page lists every published CVE security advisory associated with akirk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.