VYPR

Pigeon

by Kasuganosoras

Source repositories

CVEs (2)

  • CVE-2026-32616HigMar 16, 2026
    risk 0.46cvss 8.2epss 0.00

    Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request,…

  • CVE-2025-1447MedFeb 19, 2025
    risk 0.21cvss 4.3epss 0.00

    A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been declared as critical. This vulnerability affects unknown code of the file /pigeon/imgproxy/index.php. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated…