Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: web-frameworks Clear
ID Title
CVE-2026-6895 Privilege Escalation in wordpress (CVE-2026-6895)
vulnerability in wordpress (CVE-2026-6895). Successful exploitation can lead to full system takeover.
CVE-2026-6897 Privilege Escalation in wordpress (CVE-2026-6897)
vulnerability in wordpress (CVE-2026-6897). Successful exploitation can lead to full system takeover.
CVE-2026-9256 Vulnerability in nginx (CVE-2026-9256)
vulnerability in nginx (CVE-2026-9256). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.0, 1.30.2, 1.31.1` or later.
CVE-2026-44930 Vulnerability in org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap (CVE-2026-44930)
vulnerability in org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap (CVE-2026-44930). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.6.11` or later.
CVE-2026-44417 Vulnerability in org.apache.cxf:cxf-rt-transports-jms (CVE-2026-44417)
vulnerability in org.apache.cxf:cxf-rt-transports-jms (CVE-2026-44417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.6.11` or later.
CVE-2026-9018 Privilege Escalation in wordpress (CVE-2026-9018)
vulnerability in wordpress (CVE-2026-9018). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_eel_register``.
CVE-2026-9104 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9104)
cross-site scripting in wordpress (CVE-2026-9104). Risk of unauthorized operations or information disclosure.
CVE-2026-4070 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-4070)
vulnerability in wordpress (CVE-2026-4070). Risk of unauthorized operations or information disclosure.
CVE-2026-6864 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6864)
cross-site scripting in wordpress (CVE-2026-6864). Risk of unauthorized operations or information disclosure.
CVE-2026-7249 Vulnerability in wordpress (CVE-2026-7249)
vulnerability in wordpress (CVE-2026-7249). Risk of unauthorized operations or information disclosure. Exploitable via ``init``.
CVE-2026-7509 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7509)
cross-site scripting in wordpress (CVE-2026-7509). Risk of unauthorized operations or information disclosure. Exploitable via ``before``.
CVE-2026-3481 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3481)
cross-site scripting in wordpress (CVE-2026-3481). Risk of unauthorized operations or information disclosure.
CVE-2026-2518 Vulnerability in wordpress (CVE-2026-2518)
vulnerability in wordpress (CVE-2026-2518). Risk of unauthorized operations or information disclosure.
CVE-2026-4834 SQL Injection in wordpress (CVE-2026-4834)
SQL injection in wordpress (CVE-2026-4834). Confidential information can be exposed externally.
CVE-2026-8415 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8415)
vulnerability in concrete5/concrete5 (CVE-2026-8415). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-6960 Unrestricted File Upload in wordpress (CVE-2026-6960)
vulnerability in wordpress (CVE-2026-6960). Successful exploitation can lead to full system takeover.
CVE-2026-4093 Cross-Site Scripting (XSS) in drupal (CVE-2026-4093)
cross-site scripting in drupal (CVE-2026-4093). Risk of unauthorized operations or information disclosure.
CVE-2026-4929 Cross-Site Scripting (XSS) in drupal (CVE-2026-4929)
cross-site scripting in drupal (CVE-2026-4929). Risk of unauthorized operations or information disclosure.
CVE-2026-7881 Vulnerability in concrete5/concrete5 (CVE-2026-7881)
vulnerability in concrete5/concrete5 (CVE-2026-7881). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-4843 Vulnerability in wordpress (CVE-2026-4843)
vulnerability in wordpress (CVE-2026-4843). Risk of unauthorized operations or information disclosure.
CVE-2026-48207 Unsafe Deserialization in pyfory (CVE-2026-48207)
vulnerability in pyfory (CVE-2026-48207). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.0` or later.
CVE-2026-5118 Privilege Escalation in wordpress (CVE-2026-5118)
vulnerability in wordpress (CVE-2026-5118). Successful exploitation can lead to full system takeover.
CVE-2026-45760 Vulnerability in github.com/apache/camel-k/v2 (CVE-2026-45760)
vulnerability in github.com/apache/camel-k/v2 (CVE-2026-45760). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.10.1` or later.
CVE-2026-6279 Vulnerability in wordpress (CVE-2026-6279)
vulnerability in wordpress (CVE-2026-6279). Successful exploitation can lead to full system takeover. Exploitable via ``wp_conditional_tags``.
CVE-2026-1543 Cross-Site Scripting (XSS) in wordpress (CVE-2026-1543)
cross-site scripting in wordpress (CVE-2026-1543). Risk of unauthorized operations or information disclosure.
CVE-2026-4811 Cross-Site Scripting (XSS) in wordpress (CVE-2026-4811)
cross-site scripting in wordpress (CVE-2026-4811). Confidential information can be exposed externally.
CVE-2026-1881 Vulnerability in wordpress (CVE-2026-1881)
vulnerability in wordpress (CVE-2026-1881). Risk of unauthorized operations or information disclosure.
CVE-2026-40102 Vulnerability in django (CVE-2026-40102)
vulnerability in django (CVE-2026-40102). Confidential information can be exposed externally. Exploitable via `GET /api/workspaces/`.
CVE-2026-9082 KEV [KEV] SQL Injection in drupal/core (CVE-2026-9082)
SQL injection in drupal/core (CVE-2026-9082). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10` or later.
CVE-2026-30691 Cross-Site Scripting (XSS) in @cyntler/react-doc-viewer (CVE-2026-30691)
cross-site scripting in @cyntler/react-doc-viewer (CVE-2026-30691). Risk of unauthorized operations or information disclosure.
CVE-2026-7613 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7613)
cross-site scripting in wordpress (CVE-2026-7613). Risk of unauthorized operations or information disclosure.
CVE-2026-24425 Vulnerability in twig/twig (CVE-2026-24425)
vulnerability in twig/twig (CVE-2026-24425). Successful exploitation can lead to full system takeover. Exploitable via ``SourcePolicyInterface``. Mitigation: upgrade to `3.26.0` or later.
CVE-2026-6728 Information Disclosure in wordpress (CVE-2026-6728)
vulnerability in wordpress (CVE-2026-6728). Risk of unauthorized operations or information disclosure.
CVE-2026-9065 SQL Injection in wordpress (CVE-2026-9065)
SQL injection in wordpress (CVE-2026-9065). Risk of unauthorized operations or information disclosure.
CVE-2026-6405 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6405)
vulnerability in wordpress (CVE-2026-6405). Risk of unauthorized operations or information disclosure.
CVE-2026-5200 Vulnerability in wordpress (CVE-2026-5200)
vulnerability in wordpress (CVE-2026-5200). Successful exploitation can lead to full system takeover.
CVE-2026-6566 Vulnerability in wordpress (CVE-2026-6566)
vulnerability in wordpress (CVE-2026-6566). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /imagely/v1/images/{id}`.
CVE-2026-7385 Vulnerability in wordpress (CVE-2026-7385)
vulnerability in wordpress (CVE-2026-7385). Risk of unauthorized operations or information disclosure.
CVE-2026-5776 Vulnerability in wordpress (CVE-2026-5776)
vulnerability in wordpress (CVE-2026-5776). Risk of unauthorized operations or information disclosure.
CVE-2026-2955 Cross-Site Scripting (XSS) in wordpress (CVE-2026-2955)
cross-site scripting in wordpress (CVE-2026-2955). Risk of unauthorized operations or information disclosure.
CVE-2026-5075 Information Disclosure in wordpress (CVE-2026-5075)
vulnerability in wordpress (CVE-2026-5075). Risk of unauthorized operations or information disclosure.
CVE-2026-7522 Vulnerability in wordpress (CVE-2026-7522)
vulnerability in wordpress (CVE-2026-7522). Successful exploitation can lead to full system takeover.
CVE-2026-9010 SQL Injection in wordpress (CVE-2026-9010)
SQL injection in wordpress (CVE-2026-9010). Confidential information can be exposed externally.
CVE-2026-7637 Unsafe Deserialization in wordpress (CVE-2026-7637)
vulnerability in wordpress (CVE-2026-7637). Successful exploitation can lead to full system takeover.
CVE-2025-15369 Vulnerability in wordpress (CVE-2025-15369)
vulnerability in wordpress (CVE-2025-15369). Risk of unauthorized operations or information disclosure.
CVE-2026-8685 SQL Injection in wordpress (CVE-2026-8685)
SQL injection in wordpress (CVE-2026-8685). Confidential information can be exposed externally.
CVE-2026-8420 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8420)
vulnerability in wordpress (CVE-2026-8420). Risk of unauthorized operations or information disclosure.
CVE-2026-8423 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8423)
vulnerability in wordpress (CVE-2026-8423). Risk of unauthorized operations or information disclosure.
CVE-2026-8424 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8424)
vulnerability in wordpress (CVE-2026-8424). Risk of unauthorized operations or information disclosure.
CVE-2026-8610 Vulnerability in wordpress (CVE-2026-8610)
vulnerability in wordpress (CVE-2026-8610). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →