VYPR

Answer

by Apache

Source repositories

CVEs (7)

  • CVE-2026-25700HigJun 10, 2026
    risk 0.40cvss 7.2epss 0.00

    Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing…

  • CVE-2026-34905MedJun 9, 2026
    risk 0.35cvss 6.5epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and…

  • CVE-2026-34031MedJun 9, 2026
    risk 0.35cvss 6.5epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, allowing arbitrary external content to be embedded as profile images, which could…

  • CVE-2026-33582MedJun 9, 2026
    risk 0.35cvss 6.5epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to…

  • CVE-2026-25699MedJun 9, 2026
    risk 0.33cvss 6.1epss 0.00

    Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or…

  • CVE-2026-25688MedJun 9, 2026
    risk 0.33cvss 6.1epss 0.00

    Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content…

  • CVE-2026-34033MedJun 9, 2026
    risk 0.28cvss 5.4epss 0.00

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to…