Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: web-frameworks Clear
ID Title
CVE-2026-2500 Path Traversal in csharp (CVE-2026-2500)
path traversal in csharp (CVE-2026-2500). Confidential information can be exposed externally. Exploitable via ``filename``.
CVE-2026-8901 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8901)
cross-site scripting in wordpress (CVE-2026-8901). Risk of unauthorized operations or information disclosure.
CVE-2026-9008 Vulnerability in wordpress (CVE-2026-9008)
vulnerability in wordpress (CVE-2026-9008). Risk of unauthorized operations or information disclosure.
CVE-2026-9281 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9281)
cross-site scripting in wordpress (CVE-2026-9281). Risk of unauthorized operations or information disclosure.
CVE-2026-8438 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8438)
cross-site scripting in wordpress (CVE-2026-8438). Risk of unauthorized operations or information disclosure.
CVE-2026-8900 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8900)
cross-site scripting in wordpress (CVE-2026-8900). Risk of unauthorized operations or information disclosure.
CVE-2026-8976 Vulnerability in wordpress (CVE-2026-8976)
vulnerability in wordpress (CVE-2026-8976). Risk of unauthorized operations or information disclosure.
CVE-2026-9290 Path Traversal in wordpress (CVE-2026-9290)
path traversal in wordpress (CVE-2026-9290). Confidential information can be exposed externally.
CVE-2026-9719 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-9719)
vulnerability in wordpress (CVE-2026-9719). Risk of unauthorized operations or information disclosure.
CVE-2026-6448 SQL Injection in wordpress (CVE-2026-6448)
SQL injection in wordpress (CVE-2026-6448). Confidential information can be exposed externally.
CVE-2026-7047 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-7047)
vulnerability in wordpress (CVE-2026-7047). Risk of unauthorized operations or information disclosure.
CVE-2026-8608 Vulnerability in wordpress (CVE-2026-8608)
vulnerability in wordpress (CVE-2026-8608). Risk of unauthorized operations or information disclosure.
CVE-2026-8893 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8893)
cross-site scripting in wordpress (CVE-2026-8893). Risk of unauthorized operations or information disclosure.
CVE-2025-12656 Vulnerability in wordpress (CVE-2025-12656)
vulnerability in wordpress (CVE-2025-12656). Risk of unauthorized operations or information disclosure.
CVE-2026-10038 Vulnerability in wordpress (CVE-2026-10038)
vulnerability in wordpress (CVE-2026-10038). Risk of unauthorized operations or information disclosure.
CVE-2026-7523 Vulnerability in wordpress (CVE-2026-7523)
vulnerability in wordpress (CVE-2026-7523). Risk of unauthorized operations or information disclosure.
CVE-2026-7654 Unsafe Deserialization in wordpress (CVE-2026-7654)
vulnerability in wordpress (CVE-2026-7654). Successful exploitation can lead to full system takeover. Exploitable via ``allowed_classes``.
CVE-2026-5415 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-5411 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-10580 Vulnerability in wordpress (CVE-2026-10580)
vulnerability in wordpress (CVE-2026-10580). Successful exploitation can lead to full system takeover.
CVE-2026-10586 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-10586)
SSRF in wordpress (CVE-2026-10586). Risk of unauthorized operations or information disclosure.
CVE-2026-41522 Vulnerability in flask (CVE-2026-41522)
vulnerability in flask (CVE-2026-41522). Risk of unauthorized operations or information disclosure. Exploitable via ``case.iocs``. Mitigation: upgrade to `2.4.28` or later.
CVE-2026-50076 Unsafe Deserialization in apache (CVE-2026-50076)
vulnerability in apache (CVE-2026-50076). Confidential information can be exposed externally.
CVE-2019-25742 Cross-Site Scripting (XSS) in wordpress (CVE-2019-25742)
cross-site scripting in wordpress (CVE-2019-25742). Risk of unauthorized operations or information disclosure.
CVE-2019-25744 Cross-Site Scripting (XSS) in wordpress (CVE-2019-25744)
cross-site scripting in wordpress (CVE-2019-25744). Risk of unauthorized operations or information disclosure.
CVE-2019-25745 SQL Injection in wordpress (CVE-2019-25745)
SQL injection in wordpress (CVE-2019-25745). Confidential information can be exposed externally.
CVE-2019-25738 Vulnerability in wordpress (CVE-2019-25738)
vulnerability in wordpress (CVE-2019-25738). Successful exploitation can lead to full system takeover.
CVE-2019-25743 Cross-Site Scripting (XSS) in wordpress (CVE-2019-25743)
cross-site scripting in wordpress (CVE-2019-25743). Risk of unauthorized operations or information disclosure.
CVE-2019-25727 Path Traversal in wordpress (CVE-2019-25727)
path traversal in wordpress (CVE-2019-25727). Successful exploitation can lead to full system takeover.
CVE-2026-44496 Vulnerability in axios (CVE-2026-44496)
vulnerability in axios (CVE-2026-44496). Risk of unauthorized operations or information disclosure. Exploitable via ``document.cookie``. Mitigation: upgrade to `0.32.0` or later.
CVE-2026-43926 Vulnerability in nginx (CVE-2026-43926)
vulnerability in nginx (CVE-2026-43926). Risk of unauthorized operations or information disclosure.
CVE-2026-10737 Vulnerability in wordpress (CVE-2026-10737)
vulnerability in wordpress (CVE-2026-10737). Confidential information can be exposed externally.
CVE-2026-8653 SQL Injection in wordpress (CVE-2026-8653)
SQL injection in wordpress (CVE-2026-8653). Confidential information can be exposed externally.
CVE-2022-31114 Cross-Site Scripting (XSS) in backpack/crud (CVE-2022-31114)
cross-site scripting in backpack/crud (CVE-2022-31114). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.0.63` or later.
CVE-2026-8404 Vulnerability in django (CVE-2026-8404)
vulnerability in django (CVE-2026-8404). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
CVE-2026-7666 Vulnerability in django (CVE-2026-7666)
vulnerability in django (CVE-2026-7666). Risk of unauthorized operations or information disclosure. Exploitable via ``STARTTLS``. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
CVE-2026-6873 Vulnerability in django (CVE-2026-6873)
vulnerability in django (CVE-2026-6873). Risk of unauthorized operations or information disclosure. Exploitable via ``django.http.HttpRequest.get_signed_cookie``. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
CVE-2026-48587 Vulnerability in django (CVE-2026-48587)
vulnerability in django (CVE-2026-48587). Risk of unauthorized operations or information disclosure. Exploitable via ``Vary``. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
CVE-2026-35193 Vulnerability in django (CVE-2026-35193)
vulnerability in django (CVE-2026-35193). Risk of unauthorized operations or information disclosure. Exploitable via ``Authorization``. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
CVE-2026-47065 Unsafe Deserialization in apache (CVE-2026-47065)
vulnerability in apache (CVE-2026-47065). Successful exploitation can lead to full system takeover.
CVE-2026-7421 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7421)
cross-site scripting in wordpress (CVE-2026-7421). Risk of unauthorized operations or information disclosure. Exploitable via ``shop_name``.
CVE-2026-9732 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-9732)
vulnerability in wordpress (CVE-2026-9732). Risk of unauthorized operations or information disclosure.
CVE-2026-5073 SQL Injection in wordpress (CVE-2026-5073)
SQL injection in wordpress (CVE-2026-5073). Confidential information can be exposed externally.
CVE-2026-5076 Authentication Bypass in wordpress (CVE-2026-5076)
authentication bypass in wordpress (CVE-2026-5076). Successful exploitation can lead to full system takeover. Exploitable via ``arm_reset_password_key``.
CVE-2026-5074 SQL Injection in wordpress (CVE-2026-5074)
SQL injection in wordpress (CVE-2026-5074). Confidential information can be exposed externally. Exploitable via ``get_private_content_data``.
CVE-2026-42211 React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
CVE-2026-42342 Vulnerability in react-router (CVE-2026-42342)
vulnerability in react-router (CVE-2026-42342). Risk of unauthorized operations or information disclosure. Exploitable via ``createBrowserRouter``. Mitigation: upgrade to `7.15.0` or later.
CVE-2026-40181 Open Redirect in react-router (CVE-2026-40181)
vulnerability in react-router (CVE-2026-40181). Risk of unauthorized operations or information disclosure. Exploitable via ``redirect``. Mitigation: upgrade to `6.30.4` or later.
CVE-2026-34077 Vulnerability in react-router (CVE-2026-34077)
vulnerability in react-router (CVE-2026-34077). Risk of unauthorized operations or information disclosure. Exploitable via ``createBrowserRouter``. Mitigation: upgrade to `7.14.0` or later.
CVE-2026-33245 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →