Browse all 6 CVE security advisories affecting avo-hq. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Avo-HQ is a cybersecurity platform focused on vulnerability management and attack surface analysis. Historically, the organization has been associated with vulnerabilities including remote code execution, cross-site scripting, and privilege escalation issues. The platform's security characteristics emphasize automated vulnerability detection and prioritization. While specific major incidents aren't widely documented, the presence of five CVEs indicates potential security flaws in their offerings. Avo-HQ aims to help organizations identify and remediate security weaknesses in their systems and applications, though their own vulnerabilities highlight the challenges inherent in security tool development and deployment.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-42205 | Avo: Broken Access Control: Unauthorized Execution of Arbitrary Action Classes Across Resources | avo | CWE-284 | 8.8 | High | 2026-05-08 |
| CVE-2026-33209 | Avo has a XSS vulnerability on `return_to` param | avo | CWE-79 | 6.1 | - | 2026-03-20 |
| CVE-2024-22411 | Cross site scripting in Action messages on Avo | avo | CWE-79 | 6.5 | Medium | 2024-01-16 |
| CVE-2024-22191 | Stored cross-site scripting (XSS) in `key_value` field in Avo | avo | CWE-79 | 7.3 | High | 2024-01-16 |
| CVE-2023-34102 | Possible unsafe reflection / partial denial of service in avo | avo | CWE-20 | 8.3 | High | 2023-06-05 |
| CVE-2023-34103 | Stored XSS (Cross Site Scripting) in html content based fields of avo | avo | CWE-79 | 7.3 | High | 2023-06-05 |
This page lists every published CVE security advisory associated with avo-hq. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.