Kohanaframework Kohana — known CVE vulnerabilities
Every CVE whose affected-product data names Kohanaframework Kohana, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2014-8684 — CVSS 9.8 (critical): CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies…
CVE-2016-10510 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web…