Every CVE whose affected-product data names Konga Project Konga, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2021-42192 — CVSS 8.8 (high): Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.
CVE-2023-26987 — CVSS 6.5 (medium): An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.