CVE-2016-3691 — CVSS 8.8 (high): Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.
CVE-2015-1864 — CVSS 5.4 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject…
CVE-2015-5285 — CVSS 5.0 (medium): CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response…
CVE-2015-0260 — CVSS 4.0 (medium): RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the…