Vulnerabilities in zinoui
3 resultsCVE-2026-4132HIGHHTTP Headers <= 1.19.2 - Authenticated (Administrator+) External Control of File Name or Path to RCE via 'hh_htpasswd_path' and 'hh_www_authenticate_user' ParametersEPSS 1.0%CVE-2026-2717MEDIUMHTTP Headers <= 1.19.2 - Authenticated (Administrator+) CRLF Injection via Custom Header ValuesEPSS 0.5%CVE-2026-1379MEDIUMHTTP Headers <= 1.19.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Headers' Plugin SettingEPSS 0.3%