Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: web-frameworks Clear
ID Title
CVE-2026-33195 Path Traversal in activestorage (CVE-2026-33195)
path traversal in activestorage (CVE-2026-33195). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.2.3.1` or later.
CVE-2025-54068 KEV [KEV] Code Injection in Laravel livewire (CVE-2025-54068)
code injection in Laravel livewire (CVE-2025-54068). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-4342 Vulnerability in nginx (CVE-2026-4342)
vulnerability in nginx (CVE-2026-4342). Successful exploitation can lead to full system takeover.
CVE-2016-20026 Vulnerability in apache (CVE-2016-20026)
vulnerability in apache (CVE-2016-20026). Successful exploitation can lead to full system takeover.
CVE-2026-23941 Vulnerability in nginx (CVE-2026-23941)
vulnerability in nginx (CVE-2026-23941). Confidential information can be exposed externally.
CVE-2026-20117 Cross-Site Scripting (XSS) in express (CVE-2026-20117)
cross-site scripting in express (CVE-2026-20117). Risk of unauthorized operations or information disclosure.
CVE-2026-25604 Vulnerability in apache (CVE-2026-25604)
vulnerability in apache (CVE-2026-25604). Risk of unauthorized operations or information disclosure.
CVE-2026-24281 Vulnerability in apache (CVE-2026-24281)
vulnerability in apache (CVE-2026-24281). Confidential information can be exposed externally.
CVE-2026-24308 Vulnerability in apache (CVE-2026-24308)
vulnerability in apache (CVE-2026-24308). Confidential information can be exposed externally.
CVE-2026-27446 Vulnerability in org.apache.activemq:artemis-server (CVE-2026-27446)
vulnerability in org.apache.activemq:artemis-server (CVE-2026-27446). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.52.0` or later.
CVE-2026-25673 Vulnerability in django (CVE-2026-25673)
vulnerability in django (CVE-2026-25673). Risk of unauthorized operations or information disclosure.
CVE-2026-2293 Authorization Flaw in nestjs (CVE-2026-2293)
vulnerability in nestjs (CVE-2026-2293). Successful exploitation can lead to full system takeover.
CVE-2026-27970 Cross-Site Scripting (XSS) in angular (CVE-2026-27970)
cross-site scripting in angular (CVE-2026-27970). Risk of unauthorized operations or information disclosure.
CVE-2026-25747 Unsafe Deserialization in apache (CVE-2026-25747)
vulnerability in apache (CVE-2026-25747). Successful exploitation can lead to full system takeover.
CVE-2026-27134 Authentication Bypass in apache (CVE-2026-27134)
authentication bypass in apache (CVE-2026-27134). Successful exploitation can lead to full system takeover.
CVE-2026-0974 Vulnerability in wordpress (CVE-2026-0974)
vulnerability in wordpress (CVE-2026-0974). Successful exploitation can lead to full system takeover.
CVE-2026-24734 Vulnerability in apache (CVE-2026-24734)
vulnerability in apache (CVE-2026-24734). Data can be tampered with by attackers.
CVE-2026-1312 SQL Injection in django (CVE-2026-1312)
SQL injection in django (CVE-2026-1312). Risk of unauthorized operations or information disclosure. Exploitable via ``FilteredRelation``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
CVE-2026-1287 SQL Injection in django (CVE-2026-1287)
SQL injection in django (CVE-2026-1287). Risk of unauthorized operations or information disclosure. Exploitable via ``FilteredRelation``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
CVE-2026-1207 SQL Injection in django (CVE-2026-1207)
SQL injection in django (CVE-2026-1207). Risk of unauthorized operations or information disclosure. Exploitable via ``RasterField``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
CVE-2026-23864 Vulnerability in react (CVE-2026-23864)
vulnerability in react (CVE-2026-23864). Risk of unauthorized operations or information disclosure.
CVE-2026-22774 Vulnerability in dos (CVE-2026-22774)
vulnerability in dos (CVE-2026-22774). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.6.2` or later.
CVE-2026-22775 Vulnerability in dos (CVE-2026-22775)
vulnerability in dos (CVE-2026-22775). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.6.2` or later.
CVE-2025-68493 XXE (XML External Entity) in apache (CVE-2025-68493)
vulnerability in apache (CVE-2025-68493). Confidential information can be exposed externally.
CVE-2026-22610 Cross-Site Scripting (XSS) in @angular/compiler (CVE-2026-22610)
cross-site scripting in @angular/compiler (CVE-2026-22610). Risk of unauthorized operations or information disclosure. Exploitable via ``href``.
CVE-2026-22029 Cross-Site Scripting (XSS) in react (CVE-2026-22029)
cross-site scripting in react (CVE-2026-22029). Confidential information can be exposed externally.
CVE-2025-61686 Path Traversal in react (CVE-2025-61686)
path traversal in react (CVE-2025-61686). Data can be tampered with by attackers.
CVE-2025-59057 Cross-Site Scripting (XSS) in react (CVE-2025-59057)
cross-site scripting in react (CVE-2025-59057). Confidential information can be exposed externally.
CVE-2026-21884 Cross-Site Scripting (XSS) in react (CVE-2026-21884)
cross-site scripting in react (CVE-2026-21884). Confidential information can be exposed externally.
CVE-2026-0674 Vulnerability in wordpress (CVE-2026-0674)
vulnerability in wordpress (CVE-2026-0674). Risk of unauthorized operations or information disclosure.
CVE-2025-66412 Cross-Site Scripting (XSS) in @angular/compiler (CVE-2025-66412)
cross-site scripting in @angular/compiler (CVE-2025-66412). Risk of unauthorized operations or information disclosure. Exploitable via ``attributeName``.
CVE-2025-66035 Vulnerability in @angular/common (CVE-2025-66035)
vulnerability in @angular/common (CVE-2025-66035). Risk of unauthorized operations or information disclosure. Exploitable via ``POST``. Mitigation: upgrade to `19.2.16` or later.
CVE-2025-51741 Vulnerability in dos (CVE-2025-51741)
vulnerability in dos (CVE-2025-51741). Risk of unauthorized operations or information disclosure.
CVE-2025-56399 Code Injection in laravel (CVE-2025-56399)
code injection in laravel (CVE-2025-56399). Successful exploitation can lead to full system takeover.
CVE-2025-61795 Vulnerability in org.apache.tomcat:tomcat (CVE-2025-61795)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-61795). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.0.110, 10.1.47, 11.0.12` or later.
CVE-2025-55752 Vulnerability in org.apache.tomcat:tomcat (CVE-2025-55752)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-55752). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.0.109, 10.1.45, 11.0.11` or later.
CVE-2025-55754 Vulnerability in org.apache.tomcat:tomcat (CVE-2025-55754)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-55754). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.0.109, 10.1.45, 11.0.11` or later.
CVE-2025-11570 Cross-Site Scripting (XSS) in drupal (CVE-2025-11570)
cross-site scripting in drupal (CVE-2025-11570). Risk of unauthorized operations or information disclosure.
CVE-2025-11226 Vulnerability in spring (CVE-2025-11226)
vulnerability in spring (CVE-2025-11226). Risk of unauthorized operations or information disclosure.
CVE-2025-48989 Vulnerability in org.apache.tomcat:tomcat-coyote (CVE-2025-48989)
vulnerability in org.apache.tomcat:tomcat-coyote (CVE-2025-48989). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.0.108` or later.
CVE-2025-52078 Unrestricted File Upload in react (CVE-2025-52078)
vulnerability in react (CVE-2025-52078). Risk of unauthorized operations or information disclosure.
CVE-2012-10027 Unrestricted File Upload in wordpress (CVE-2012-10027)
vulnerability in wordpress (CVE-2012-10027). Risk of unauthorized operations or information disclosure. Exploitable via ``uploadify.php``.
CVE-2019-5418 KEV [KEV] Path Traversal in rails (CVE-2019-5418)
path traversal in rails (CVE-2019-5418). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-38475 KEV [KEV] Vulnerability in Apache http-server (CVE-2024-38475)
vulnerability in Apache http-server (CVE-2024-38475). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-3891 Vulnerability in apache (CVE-2025-3891)
vulnerability in apache (CVE-2025-3891). Risk of unauthorized operations or information disclosure.
CVE-2025-27391 Vulnerability in apache (CVE-2025-27391)
vulnerability in apache (CVE-2025-27391). Confidential information can be exposed externally.
CVE-2025-27427 Authorization Flaw in apache (CVE-2025-27427)
vulnerability in apache (CVE-2025-27427). Risk of unauthorized operations or information disclosure.
CVE-2025-24813 KEV [KEV] Vulnerability in Apache tomcat (CVE-2025-24813)
vulnerability in Apache tomcat (CVE-2025-24813). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-45195 KEV [KEV] Vulnerability in Apache ofbiz (CVE-2024-45195)
vulnerability in Apache ofbiz (CVE-2024-45195). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-11404 Vulnerability in django-filer (CVE-2024-11404)
vulnerability in django-filer (CVE-2024-11404). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →