Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: web-frameworks Clear
ID Title
CVE-2026-8048 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8048)
cross-site scripting in wordpress (CVE-2026-8048). Risk of unauthorized operations or information disclosure.
CVE-2026-7614 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-7614)
vulnerability in wordpress (CVE-2026-7614). Risk of unauthorized operations or information disclosure.
CVE-2026-8040 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8040)
cross-site scripting in wordpress (CVE-2026-8040). Risk of unauthorized operations or information disclosure.
CVE-2026-6268 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6268)
cross-site scripting in wordpress (CVE-2026-6268). Risk of unauthorized operations or information disclosure.
CVE-2026-9236 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-9236)
vulnerability in wordpress (CVE-2026-9236). Risk of unauthorized operations or information disclosure.
CVE-2026-6287 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6287)
cross-site scripting in wordpress (CVE-2026-6287). Risk of unauthorized operations or information disclosure.
CVE-2025-14481 Vulnerability in wordpress (CVE-2025-14481)
vulnerability in wordpress (CVE-2025-14481). Risk of unauthorized operations or information disclosure.
CVE-2026-9022 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9022)
cross-site scripting in wordpress (CVE-2026-9022). Risk of unauthorized operations or information disclosure.
CVE-2026-6565 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6565)
cross-site scripting in wordpress (CVE-2026-6565). Risk of unauthorized operations or information disclosure.
CVE-2026-7493 Vulnerability in wordpress (CVE-2026-7493)
vulnerability in wordpress (CVE-2026-7493). Risk of unauthorized operations or information disclosure.
CVE-2026-44847 Authentication Bypass in django (CVE-2026-44847)
authentication bypass in django (CVE-2026-44847). Data can be tampered with by attackers. Mitigation: upgrade to `2.9.0` or later.
CVE-2026-48903 Cross-Site Scripting (XSS) in joomla (CVE-2026-48903)
cross-site scripting in joomla (CVE-2026-48903). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
CVE-2026-48904 Vulnerability in joomla (CVE-2026-48904)
vulnerability in joomla (CVE-2026-48904). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
CVE-2026-48905 Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
CVE-2026-48896 Joomla! Core - [20260511] - MFA Authentication Bypass
Joomla! Core - [20260511] - MFA Authentication Bypass
CVE-2026-48897 Joomla! Core - [20260512] - MFA Authentication Bypass
Joomla! Core - [20260512] - MFA Authentication Bypass
CVE-2026-48898 Joomla! Core - [20260513] - Privilege escalation through com_users batch task
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
CVE-2026-48899 Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
CVE-2026-48900 Vulnerability in joomla (CVE-2026-48900)
vulnerability in joomla (CVE-2026-48900). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
CVE-2026-48901 Vulnerability in joomla (CVE-2026-48901)
vulnerability in joomla (CVE-2026-48901). Confidential information can be exposed externally. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
CVE-2026-48902 Vulnerability in joomla (CVE-2026-48902)
vulnerability in joomla (CVE-2026-48902). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
CVE-2026-40383 Joomla! Core - [20260509] - LFI in HTMLView layout parameter
Joomla! Core - [20260509] - LFI in HTMLView layout parameter
CVE-2026-40384 Path Traversal in joomla (CVE-2026-40384)
path traversal in joomla (CVE-2026-40384). Confidential information can be exposed externally. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
CVE-2026-35223 Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints
Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints
CVE-2026-35220 Cross-Site Request Forgery (CSRF) in joomla (CVE-2026-35220)
vulnerability in joomla (CVE-2026-35220). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.1.1` or later.
CVE-2026-35221 SQL Injection in joomla (CVE-2026-35221)
SQL injection in joomla (CVE-2026-35221). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
CVE-2026-35222 Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
CVE-2026-30895 Joomla! Core - [20260504] - XSS in readmore links
Joomla! Core - [20260504] - XSS in readmore links
CVE-2026-25900 Joomla! Core - [20260501] - XSS in feed modules
Joomla! Core - [20260501] - XSS in feed modules
CVE-2026-25901 Joomla! Core - [20260502] - XSS in com_associations
Joomla! Core - [20260502] - XSS in com_associations
CVE-2026-30894 Joomla! Core - [20260503] - XSS in com_contenthistory
Joomla! Core - [20260503] - XSS in com_contenthistory
CVE-2026-40564 Vulnerability in apache (CVE-2026-40564)
vulnerability in apache (CVE-2026-40564). Confidential information can be exposed externally.
CVE-2026-8174 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8174)
vulnerability in wordpress (CVE-2026-8174). Data can be tampered with by attackers.
CVE-2026-43828 Vulnerability in org.apache.shiro:shiro-web (CVE-2026-43828)
vulnerability in org.apache.shiro:shiro-web (CVE-2026-43828). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-alpha-2` or later.
CVE-2026-44598 Open Redirect in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598)
vulnerability in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0-alpha-2` or later.
CVE-2026-43827 Vulnerability in org.apache.shiro:shiro-core (CVE-2026-43827)
vulnerability in org.apache.shiro:shiro-core (CVE-2026-43827). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-alpha-2` or later.
CVE-2026-48589 Open Redirect in apache (CVE-2026-48589)
vulnerability in apache (CVE-2026-48589). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`.
CVE-2026-42782 Vulnerability in org.apache.syncope.core:syncope-core-spring (CVE-2026-42782)
vulnerability in org.apache.syncope.core:syncope-core-spring (CVE-2026-42782). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.1.1` or later.
CVE-2026-42797 Vulnerability in org.apache.syncope.core:syncope-core-provisioning-api (CVE-2026-42797)
vulnerability in org.apache.syncope.core:syncope-core-provisioning-api (CVE-2026-42797). Confidential information can be exposed externally. Mitigation: upgrade to `4.1.1` or later.
CVE-2026-46745 Vulnerability in apache-airflow-providers-fab (CVE-2026-46745)
vulnerability in apache-airflow-providers-fab (CVE-2026-46745). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.6.4` or later.
CVE-2026-45361 Vulnerability in apache-airflow-providers-google (CVE-2026-45361)
vulnerability in apache-airflow-providers-google (CVE-2026-45361). Successful exploitation can lead to full system takeover. Exploitable via ``ComputeEngineSSHHook``. Mitigation: upgrade to `22.0.0` or later.
CVE-2026-45249 Cross-Site Scripting (XSS) in echarts (CVE-2026-45249)
cross-site scripting in echarts (CVE-2026-45249). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.1.0` or later.
CVE-2026-9374 Vulnerability in vue (CVE-2026-9374)
vulnerability in vue (CVE-2026-9374). Risk of unauthorized operations or information disclosure.
CVE-2026-9349 Information Disclosure in react (CVE-2026-9349)
vulnerability in react (CVE-2026-9349). Risk of unauthorized operations or information disclosure.
CVE-2018-25347 SQL Injection in wordpress (CVE-2018-25347)
SQL injection in wordpress (CVE-2018-25347). Confidential information can be exposed externally.
CVE-2018-25352 SQL Injection in wordpress (CVE-2018-25352)
SQL injection in wordpress (CVE-2018-25352). Confidential information can be exposed externally.
CVE-2018-25346 SQL Injection in wordpress (CVE-2018-25346)
SQL injection in wordpress (CVE-2018-25346). Confidential information can be exposed externally.
CVE-2026-6895 Privilege Escalation in wordpress (CVE-2026-6895)
vulnerability in wordpress (CVE-2026-6895). Successful exploitation can lead to full system takeover.
CVE-2026-6897 Privilege Escalation in wordpress (CVE-2026-6897)
vulnerability in wordpress (CVE-2026-6897). Successful exploitation can lead to full system takeover.
CVE-2026-6419 Privilege Escalation in wordpress (CVE-2026-6419)
vulnerability in wordpress (CVE-2026-6419). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →