Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: web-frameworks Clear
ID Title
CVE-2026-8624 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8624)
cross-site scripting in wordpress (CVE-2026-8624). Risk of unauthorized operations or information disclosure.
CVE-2026-8626 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8626)
cross-site scripting in wordpress (CVE-2026-8626). Risk of unauthorized operations or information disclosure.
CVE-2026-8627 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8627)
cross-site scripting in wordpress (CVE-2026-8627). Risk of unauthorized operations or information disclosure.
CVE-2026-7284 Privilege Escalation in wordpress (CVE-2026-7284)
vulnerability in wordpress (CVE-2026-7284). Successful exploitation can lead to full system takeover.
CVE-2026-7462 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7462)
cross-site scripting in wordpress (CVE-2026-7462). Risk of unauthorized operations or information disclosure. Exploitable via ``page``.
CVE-2026-7467 Privilege Escalation in wordpress (CVE-2026-7467)
vulnerability in wordpress (CVE-2026-7467). Successful exploitation can lead to full system takeover.
CVE-2026-7472 SQL Injection in wordpress (CVE-2026-7472)
SQL injection in wordpress (CVE-2026-7472). Confidential information can be exposed externally.
CVE-2026-8038 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8038)
cross-site scripting in wordpress (CVE-2026-8038). Risk of unauthorized operations or information disclosure.
CVE-2026-8418 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8418)
vulnerability in wordpress (CVE-2026-8418). Risk of unauthorized operations or information disclosure.
CVE-2026-8419 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8419)
vulnerability in wordpress (CVE-2026-8419). Risk of unauthorized operations or information disclosure.
CVE-2026-6400 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6400)
vulnerability in wordpress (CVE-2026-6400). Risk of unauthorized operations or information disclosure.
CVE-2026-6401 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6401)
vulnerability in wordpress (CVE-2026-6401). Risk of unauthorized operations or information disclosure.
CVE-2026-6404 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6404)
cross-site scripting in wordpress (CVE-2026-6404). Risk of unauthorized operations or information disclosure.
CVE-2026-6452 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6452)
vulnerability in wordpress (CVE-2026-6452). Risk of unauthorized operations or information disclosure.
CVE-2026-6456 Authentication Bypass in wordpress (CVE-2026-6456)
authentication bypass in wordpress (CVE-2026-6456). Successful exploitation can lead to full system takeover. Exploitable via ``rememberLogin``.
CVE-2026-6549 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6549)
cross-site scripting in wordpress (CVE-2026-6549). Risk of unauthorized operations or information disclosure. Exploitable via ``vc_enamad_namad``.
CVE-2026-6555 Unrestricted File Upload in wordpress (CVE-2026-6555)
vulnerability in wordpress (CVE-2026-6555). Successful exploitation can lead to full system takeover.
CVE-2026-5293 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5293)
cross-site scripting in wordpress (CVE-2026-5293). Risk of unauthorized operations or information disclosure.
CVE-2026-6072 Vulnerability in wordpress (CVE-2026-6072)
vulnerability in wordpress (CVE-2026-6072). Confidential information can be exposed externally.
CVE-2026-6391 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6391)
vulnerability in wordpress (CVE-2026-6391). Risk of unauthorized operations or information disclosure.
CVE-2026-6394 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-6394)
SSRF in wordpress (CVE-2026-6394). Risk of unauthorized operations or information disclosure.
CVE-2026-6395 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6395)
vulnerability in wordpress (CVE-2026-6395). Risk of unauthorized operations or information disclosure.
CVE-2026-6397 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6397)
cross-site scripting in wordpress (CVE-2026-6397). Risk of unauthorized operations or information disclosure. Exploitable via ``readmoretext``.
CVE-2026-6399 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6399)
cross-site scripting in wordpress (CVE-2026-6399). Risk of unauthorized operations or information disclosure.
CVE-2026-3985 SQL Injection in wordpress (CVE-2026-3985)
SQL injection in wordpress (CVE-2026-3985). Confidential information can be exposed externally.
CVE-2026-6365 Cross-Site Scripting (XSS) in drupal (CVE-2026-6365)
cross-site scripting in drupal (CVE-2026-6365). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
CVE-2026-6366 Vulnerability in drupal (CVE-2026-6366)
vulnerability in drupal (CVE-2026-6366). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
CVE-2026-6367 Cross-Site Scripting (XSS) in drupal (CVE-2026-6367)
cross-site scripting in drupal (CVE-2026-6367). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.3.7` or later.
CVE-2026-6871 Cross-Site Scripting (XSS) in drupal (CVE-2026-6871)
cross-site scripting in drupal (CVE-2026-6871). Risk of unauthorized operations or information disclosure.
CVE-2026-6095 Cross-Site Scripting (XSS) in drupal (CVE-2026-6095)
cross-site scripting in drupal (CVE-2026-6095). Risk of unauthorized operations or information disclosure.
CVE-2026-46417 SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-46417)
SSRF in @angular/platform-server (CVE-2026-46417). Risk of unauthorized operations or information disclosure. Exploitable via ``ServerPlatformLocation``.
CVE-2026-42526 Authorization Flaw in apache-airflow-providers-amazon (CVE-2026-42526)
vulnerability in apache-airflow-providers-amazon (CVE-2026-42526). Confidential information can be exposed externally. Exploitable via ``conn_id``. Mitigation: upgrade to `9.28.0` or later.
CVE-2026-27173 Vulnerability in apache-airflow-providers-cncf-kubernetes (CVE-2026-27173)
vulnerability in apache-airflow-providers-cncf-kubernetes (CVE-2026-27173). Confidential information can be exposed externally. Mitigation: upgrade to `10.17.0` or later.
CVE-2026-46342 Cross-Site Scripting (XSS) in nuxt (CVE-2026-46342)
cross-site scripting in nuxt (CVE-2026-46342). Risk of unauthorized operations or information disclosure. Exploitable via ``props``. Mitigation: upgrade to `4.4.6` or later.
CVE-2026-8073 Vulnerability in wordpress (CVE-2026-8073)
vulnerability in wordpress (CVE-2026-8073). Confidential information can be exposed externally.
CVE-2026-8096 Vulnerability in wordpress (CVE-2026-8096)
vulnerability in wordpress (CVE-2026-8096). Confidential information can be exposed externally.
CVE-2026-37281 OS Command Injection in express (CVE-2026-37281)
OS command injection in express (CVE-2026-37281). Successful exploitation can lead to full system takeover.
CVE-2026-45670 Vulnerability in @nuxt/rspack-builder (CVE-2026-45670)
vulnerability in @nuxt/rspack-builder (CVE-2026-45670). Risk of unauthorized operations or information disclosure. Exploitable via ``script.src``. Mitigation: upgrade to `4.4.6` or later.
CVE-2026-45669 Vulnerability in nuxt (CVE-2026-45669)
vulnerability in nuxt (CVE-2026-45669). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `4.4.6` or later.
CVE-2026-8711 Vulnerability in nginx (CVE-2026-8711)
vulnerability in nginx (CVE-2026-8711). Successful exploitation can lead to full system takeover.
CVE-2026-47323 Vulnerability in org.apache.camel:camel-cxf-rest (CVE-2026-47323)
vulnerability in org.apache.camel:camel-cxf-rest (CVE-2026-47323). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.18.2` or later.
CVE-2025-40900 Vulnerability in angular (CVE-2025-40900)
vulnerability in angular (CVE-2025-40900). Risk of unauthorized operations or information disclosure.
CVE-2026-8912 SQL Injection in wordpress (CVE-2026-8912)
SQL injection in wordpress (CVE-2026-8912). Confidential information can be exposed externally.
CVE-2026-4883 Unrestricted File Upload in wordpress (CVE-2026-4883)
vulnerability in wordpress (CVE-2026-4883). Successful exploitation can lead to full system takeover.
CVE-2026-31910 SSRF (Server-Side Request Forgery) in apache (CVE-2026-31910)
SSRF in apache (CVE-2026-31910). Confidential information can be exposed externally.
CVE-2026-31986 Vulnerability in apache (CVE-2026-31986)
vulnerability in apache (CVE-2026-31986). Confidential information can be exposed externally.
CVE-2026-35086 Code Injection in apache (CVE-2026-35086)
code injection in apache (CVE-2026-35086). Risk of unauthorized operations or information disclosure.
CVE-2026-41919 Vulnerability in apache (CVE-2026-41919)
vulnerability in apache (CVE-2026-41919). Confidential information can be exposed externally.
CVE-2026-45187 Vulnerability in apache (CVE-2026-45187)
vulnerability in apache (CVE-2026-45187). Risk of unauthorized operations or information disclosure.
CVE-2026-45434 Authentication Bypass in apache (CVE-2026-45434)
authentication bypass in apache (CVE-2026-45434). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →