Browse all 5 CVE security advisories affecting rafasashi. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rafasashi develops web applications and APIs, primarily serving as a backend service for client-facing platforms. Historically, vulnerabilities associated with this entity include remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and misconfigured access controls. Security assessments have identified consistent patterns in insecure deserialization and improper authentication mechanisms. While no major public security incidents have been documented, the presence of five CVEs indicates recurring security challenges in their codebase, particularly in how user inputs are processed and how session management is implemented.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3551 | Custom New User Notification <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'User Mail Subject' Setting — Custom New User NotificationCWE-79 | 4.4 | Medium | 2026-04-16 |
This page lists every published CVE security advisory associated with rafasashi. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.