Koillection

CVEs (2)

• CVE-2025-9747MedAug 31, 2025
  Koillection

  Koillection
  risk 0.28cvss 4.3epss 0.00

  A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to…

• CVE-2025-29746May 7, 2025
  Koillection

  Koillection
  risk 0.00cvss —epss 0.00

  Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components