Every CVE whose affected-product data names Droppy Project Droppy, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2016-10529 — CVSS 8.8 (high): Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially…
CVE-2020-7757 — CVSS 6.5 (medium): This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server.