Every CVE whose affected-product data names Anapi H6web, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2025-1270 — CVSS 9.1 (critical): Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users'…
CVE-2025-1271 — CVSS 6.1 (medium): Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code…