Vulnerabilities in papra-hq

3 results

CVE-2026-35462MEDIUMPapra Does Not Reject Expired API KeysEPSS 0.2%CVE-2026-35461MEDIUMPapra has a Blind Server-Side Request Forgery (SSRF) via Webhook URLEPSS 0.2%CVE-2026-35460MEDIUMPapra has an HTML Injection in Transactional Emails via Unescaped User Display NameEPSS 0.2%