Answer

This hub aggregates every CVE we track for Answer, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Answer.

• CVE-2026-25700Apache Answer: AdminToken not invalidated after admin deactivation7.2Jun 10, 2026
• CVE-2026-34905Apache Answer: Unlisted Questions Accessible via Direct API Access6.5Jun 9, 2026
• CVE-2026-34033Apache Answer: HTML Content Injection in Email5.4Jun 9, 2026
• CVE-2026-34031Apache Answer: The custom avatar was not properly validated6.5Jun 9, 2026
• CVE-2026-33582Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error6.5Jun 9, 2026
• CVE-2026-25699Apache Answer: Authorization Bypass in Timeline API6.1Jun 9, 2026
• CVE-2026-25688Apache Answer: XSS in AI Answer Rendering6.1Jun 9, 2026
• CVE-2026-24735Apache Answer: Revision API Improper Access Control leads to Information Disclosure7.5Feb 4, 2026
• CVE-2025-29868Apache Answer: Using externally referenced images can leak user privacy.6.5Apr 1, 2025
• CVE-2024-45719Apache Answer: Predictable Authorization Token Using UUIDv12.6Nov 22, 2024
• CVE-2024-40761Apache Answer: Avatar URL leaked user email addresses5.3Sep 25, 2024
• CVE-2024-41888Apache Answer: The link for resetting user password is not Single-Use5.3Aug 9, 2024
• CVE-2024-41890Apache Answer: The link to reset the user's password will remain valid after sending a new link5.3Aug 9, 2024
• CVE-2024-29217Apache Answer: XSS vulnerability when changing personal website4.6Apr 21, 2024
• CVE-2024-22393Apache Answer: Pixel Flood Attack by uploading the large pixel file9.1Feb 22, 2024