Browse all 5 CVE security advisories affecting capricorn86. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Capricorn86 operates primarily in web application development and deployment, with a core focus on custom enterprise solutions. Historically, their vulnerabilities have centered on remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and misconfigured access controls. While no major public incidents have been documented, their CVE history reveals a pattern of security oversights in authentication mechanisms and session management. The five recorded CVEs indicate consistent but manageable security challenges, primarily affecting their custom-built platforms rather than widely deployed third-party integrations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34226 | Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies — happy-domCWE-201 | 7.5 | High | 2026-03-27 |
| CVE-2026-33943 | Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code — happy-domCWE-94 | 8.8 | High | 2026-03-27 |
| CVE-2025-62410 | --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom — happy-domCWE-1321 | 10.0 | - | 2025-10-15 |
| CVE-2025-61927 | Happy-DOM has VM Context Escape — happy-domCWE-94 | 9.0AI | CriticalAI | 2025-10-10 |
| CVE-2024-51757 | Fixes security vulnerability that allowed for server side code to be executed by a <script> tag — happy-domCWE-94 | 6.1AI | MediumAI | 2024-11-06 |
This page lists every published CVE security advisory associated with capricorn86. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.