Package impact
GO / github.com/hahwul/dalfox/v2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-45087 | critical | 10.0 | 10.0 | 1d ago | Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by de… | |
| CVE-2026-45089 | high | 8.2 | 8.2 | 1d ago | Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option | |
| CVE-2026-45088 | high | 7.5 | 7.5 | 1d ago | Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file` | |
| CVE-2026-45090 | high | 7.5 | 7.5 | 1d ago | Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both wri… |