Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: web-frameworks Clear
ID Title
CVE-2026-8491 Vulnerability in drupal/node_view_permissions (CVE-2026-8491)
vulnerability in drupal/node_view_permissions (CVE-2026-8491). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 2.0.1` or later.
CVE-2026-42945 Vulnerability in nginx (CVE-2026-42945)
vulnerability in nginx (CVE-2026-42945). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.30.1` or later.
CVE-2026-42946 Vulnerability in nginx (CVE-2026-42946)
vulnerability in nginx (CVE-2026-42946). Confidential information can be exposed externally. Mitigation: upgrade to `1.30.1` or later.
CVE-2026-42926 Vulnerability in nginx (CVE-2026-42926)
vulnerability in nginx (CVE-2026-42926). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
CVE-2026-42934 Out-of-Bounds Read in nginx (CVE-2026-42934)
vulnerability in nginx (CVE-2026-42934). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
CVE-2026-40701 Use-After-Free in nginx (CVE-2026-40701)
vulnerability in nginx (CVE-2026-40701). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
CVE-2026-40460 Vulnerability in nginx (CVE-2026-40460)
vulnerability in nginx (CVE-2026-40460). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
CVE-2020-37169 Vulnerability in wordpress (CVE-2020-37169)
vulnerability in wordpress (CVE-2020-37169). Confidential information can be exposed externally.
CVE-2026-4607 Vulnerability in wordpress (CVE-2026-4607)
vulnerability in wordpress (CVE-2026-4607). Risk of unauthorized operations or information disclosure.
CVE-2026-4608 SQL Injection in wordpress (CVE-2026-4608)
SQL injection in wordpress (CVE-2026-4608). Confidential information can be exposed externally.
CVE-2026-4609 Vulnerability in wordpress (CVE-2026-4609)
vulnerability in wordpress (CVE-2026-4609). Data can be tampered with by attackers.
CVE-2026-39806 Vulnerability in bandit (CVE-2026-39806)
vulnerability in bandit (CVE-2026-39806). Risk of unauthorized operations or information disclosure. Exploitable via ``rest``. Mitigation: upgrade to `1.11.1` or later.
CVE-2026-6177 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6177)
cross-site scripting in wordpress (CVE-2026-6177). Risk of unauthorized operations or information disclosure.
CVE-2026-3425 Vulnerability in wordpress (CVE-2026-3425)
vulnerability in wordpress (CVE-2026-3425). Successful exploitation can lead to full system takeover.
CVE-2026-3426 Vulnerability in wordpress (CVE-2026-3426)
vulnerability in wordpress (CVE-2026-3426). Risk of unauthorized operations or information disclosure.
CVE-2026-4782 Vulnerability in wordpress (CVE-2026-4782)
vulnerability in wordpress (CVE-2026-4782). Confidential information can be exposed externally.
CVE-2026-4798 SQL Injection in wordpress (CVE-2026-4798)
SQL injection in wordpress (CVE-2026-4798). Confidential information can be exposed externally.
CVE-2026-2515 Vulnerability in wordpress (CVE-2026-2515)
vulnerability in wordpress (CVE-2026-2515). Data can be tampered with by attackers.
CVE-2026-3004 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3004)
cross-site scripting in wordpress (CVE-2026-3004). Risk of unauthorized operations or information disclosure.
CVE-2025-14767 Cross-Site Scripting (XSS) in wordpress (CVE-2025-14767)
cross-site scripting in wordpress (CVE-2025-14767). Risk of unauthorized operations or information disclosure. Exploitable via ``wpcbm_best_seller``.
CVE-2026-6965 Vulnerability in wordpress (CVE-2026-6965)
vulnerability in wordpress (CVE-2026-6965). Risk of unauthorized operations or information disclosure. Exploitable via ``course``.
CVE-2026-6929 SQL Injection in wordpress (CVE-2026-6929)
SQL injection in wordpress (CVE-2026-6929). Confidential information can be exposed externally.
CVE-2025-14033 Vulnerability in wordpress (CVE-2025-14033)
vulnerability in wordpress (CVE-2025-14033). Risk of unauthorized operations or information disclosure.
CVE-2026-6828 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6828)
cross-site scripting in wordpress (CVE-2026-6828). Risk of unauthorized operations or information disclosure.
CVE-2026-6962 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6962)
cross-site scripting in wordpress (CVE-2026-6962). Risk of unauthorized operations or information disclosure.
CVE-2026-7051 Vulnerability in wordpress (CVE-2026-7051)
vulnerability in wordpress (CVE-2026-7051). Risk of unauthorized operations or information disclosure.
CVE-2026-7619 SQL Injection in wordpress (CVE-2026-7619)
SQL injection in wordpress (CVE-2026-7619). Confidential information can be exposed externally.
CVE-2026-7635 Unsafe Deserialization in wordpress (CVE-2026-7635)
vulnerability in wordpress (CVE-2026-7635). Successful exploitation can lead to full system takeover. Exploitable via `User-Agent header`.
CVE-2025-9987 Information Disclosure in wordpress (CVE-2025-9987)
vulnerability in wordpress (CVE-2025-9987). Risk of unauthorized operations or information disclosure.
CVE-2025-9988 Vulnerability in wordpress (CVE-2025-9988)
vulnerability in wordpress (CVE-2025-9988). Risk of unauthorized operations or information disclosure.
CVE-2025-9989 Cross-Site Scripting (XSS) in wordpress (CVE-2025-9989)
cross-site scripting in wordpress (CVE-2025-9989). Risk of unauthorized operations or information disclosure.
CVE-2025-14755 Vulnerability in wordpress (CVE-2025-14755)
vulnerability in wordpress (CVE-2025-14755). Risk of unauthorized operations or information disclosure.
CVE-2026-5371 Vulnerability in wordpress (CVE-2026-5371)
vulnerability in wordpress (CVE-2026-5371). Confidential information can be exposed externally.
CVE-2026-44245 Cross-Site Scripting (XSS) in github.com/kyverno/policy-reporter-ui (CVE-2026-44245)
cross-site scripting in github.com/kyverno/policy-reporter-ui (CVE-2026-44245). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.2` or later.
CVE-2026-1250 SQL Injection in wordpress (CVE-2026-1250)
SQL injection in wordpress (CVE-2026-1250). Confidential information can be exposed externally.
CVE-2025-15463 Code Injection in wordpress (CVE-2025-15463)
code injection in wordpress (CVE-2025-15463). Risk of unauthorized operations or information disclosure.
CVE-2026-44306 Vulnerability in statamic/cms (CVE-2026-44306)
vulnerability in statamic/cms (CVE-2026-44306). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.21` or later.
CVE-2026-44262 Code Injection in dedoc/scramble (CVE-2026-44262)
code injection in dedoc/scramble (CVE-2026-44262). Confidential information can be exposed externally. Mitigation: upgrade to `0.13.22` or later.
CVE-2026-42196 Path Traversal in django-s3file (CVE-2026-42196)
path traversal in django-s3file (CVE-2026-42196). Risk of unauthorized operations or information disclosure. Exploitable via ``S3FileMiddleware``. Mitigation: upgrade to `7.0.2` or later.
CVE-2026-42268 Vulnerability in modsecurity (CVE-2026-42268)
vulnerability in modsecurity (CVE-2026-42268). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.15` or later.
CVE-2026-8430 Code Injection in nginx (CVE-2026-8430)
code injection in nginx (CVE-2026-8430). Successful exploitation can lead to full system takeover.
CVE-2026-43513 Vulnerability in tomcat (CVE-2026-43513)
vulnerability in tomcat (CVE-2026-43513). Confidential information can be exposed externally. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
CVE-2026-43514 Vulnerability in tomcat (CVE-2026-43514)
vulnerability in tomcat (CVE-2026-43514). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
CVE-2026-43515 Vulnerability in tomcat (CVE-2026-43515)
vulnerability in tomcat (CVE-2026-43515). Confidential information can be exposed externally. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
CVE-2026-41293 Vulnerability in tomcat (CVE-2026-41293)
vulnerability in tomcat (CVE-2026-41293). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
CVE-2026-42498 Information Disclosure in tomcat (CVE-2026-42498)
vulnerability in tomcat (CVE-2026-42498). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
CVE-2026-43512 Authentication Bypass in tomcat (CVE-2026-43512)
authentication bypass in tomcat (CVE-2026-43512). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
CVE-2026-41284 Vulnerability in tomcat (CVE-2026-41284)
vulnerability in tomcat (CVE-2026-41284). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
CVE-2026-45091 Information Disclosure in sealed-env (CVE-2026-45091)
vulnerability in sealed-env (CVE-2026-45091). Confidential information can be exposed externally. Mitigation: upgrade to `0.1.0-alpha.4` or later.
CVE-2026-45218 SQL Injection in wordpress (CVE-2026-45218)
SQL injection in wordpress (CVE-2026-45218). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →