Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: web-frameworks Clear
ID Title
CVE-2020-13671 KEV [KEV] Unrestricted File Upload in drupal (CVE-2020-13671)
vulnerability in drupal (CVE-2020-13671). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-11978 KEV [KEV] OS Command Injection in Apache airflow (CVE-2020-11978)
OS command injection in Apache airflow (CVE-2020-11978). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-13927 KEV [KEV] Vulnerability in Apache airflows-experimental-api (CVE-2020-13927)
vulnerability in Apache airflows-experimental-api (CVE-2020-13927). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-44832 Vulnerability in org.apache.logging.log4j:log4j-core (CVE-2021-44832)
vulnerability in org.apache.logging.log4j:log4j-core (CVE-2021-44832). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.17.1` or later.
CVE-2021-45105 Vulnerability in org.apache.logging.log4j:log4j-core (CVE-2021-45105)
vulnerability in org.apache.logging.log4j:log4j-core (CVE-2021-45105). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.3.1` or later.
CVE-2021-4104 Unsafe Deserialization in apache (CVE-2021-4104)
vulnerability in apache (CVE-2021-4104). Successful exploitation can lead to full system takeover.
CVE-2019-0193 KEV [KEV] Code Injection in Apache solr (CVE-2019-0193)
code injection in Apache solr (CVE-2019-0193). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-44228 KEV [KEV] Vulnerability in Apache log4j2 (CVE-2021-44228)
vulnerability in Apache log4j2 (CVE-2021-44228). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-40438 KEV [KEV] SSRF (Server-Side Request Forgery) in apache (CVE-2021-40438)
SSRF in apache (CVE-2021-40438). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-25213 KEV [KEV] Unrestricted File Upload in Wordpress file-manager-plugin (CVE-2020-25213)
vulnerability in Wordpress file-manager-plugin (CVE-2020-25213). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-11738 KEV [KEV] Path Traversal in Wordpress snap-creek-duplicator-plugin (CVE-2020-11738)
path traversal in Wordpress snap-creek-duplicator-plugin (CVE-2020-11738). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-9978 KEV [KEV] Cross-Site Scripting (XSS) in Wordpress social-warfare-plugin (CVE-2019-9978)
cross-site scripting in Wordpress social-warfare-plugin (CVE-2019-9978). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2018-7600 KEV [KEV] Vulnerability in drupal (CVE-2018-7600)
vulnerability in drupal (CVE-2018-7600). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-9805 KEV [KEV] Unsafe Deserialization in Apache struts (CVE-2017-9805)
vulnerability in Apache struts (CVE-2017-9805). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-17530 KEV [KEV] Vulnerability in Apache struts (CVE-2020-17530)
vulnerability in Apache struts (CVE-2020-17530). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-5638 KEV [KEV] Vulnerability in Apache struts (CVE-2017-5638)
vulnerability in Apache struts (CVE-2017-5638). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2018-11776 KEV [KEV] Vulnerability in Apache struts (CVE-2018-11776)
vulnerability in Apache struts (CVE-2018-11776). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-42013 KEV [KEV] Path Traversal in Apache http-server (CVE-2021-42013)
path traversal in Apache http-server (CVE-2021-42013). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-41773 KEV [KEV] Path Traversal in Apache http-server (CVE-2021-41773)
path traversal in Apache http-server (CVE-2021-41773). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-0211 KEV [KEV] Use-After-Free in Apache http-server (CVE-2019-0211)
vulnerability in Apache http-server (CVE-2019-0211). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2016-4437 KEV [KEV] Vulnerability in Apache shiro (CVE-2016-4437)
vulnerability in Apache shiro (CVE-2016-4437). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-17558 KEV [KEV] Vulnerability in Apache solr (CVE-2019-17558)
vulnerability in Apache solr (CVE-2019-17558). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-29238 Vulnerability in nginx (CVE-2020-29238)
vulnerability in nginx (CVE-2020-29238). Confidential information can be exposed externally.
CVE-2021-26117 Authentication Bypass in apache (CVE-2021-26117)
authentication bypass in apache (CVE-2021-26117). Data can be tampered with by attackers.
CVE-2021-26118 Vulnerability in org.apache.activemq:artemis-openwire-protocol (CVE-2021-26118)
vulnerability in org.apache.activemq:artemis-openwire-protocol (CVE-2021-26118). Data can be tampered with by attackers. Mitigation: upgrade to `2.16.0` or later.
CVE-2020-28707 Cross-Site Scripting (XSS) in wordpress (CVE-2020-28707)
cross-site scripting in wordpress (CVE-2020-28707). Risk of unauthorized operations or information disclosure.
CVE-2020-13932 Cross-Site Scripting (XSS) in org.apache.activemq:apache-artemis (CVE-2020-13932)
cross-site scripting in org.apache.activemq:apache-artemis (CVE-2020-13932). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.14.0` or later.
CVE-2020-10727 Vulnerability in org.apache.activemq:artemis-commons (CVE-2020-10727)
vulnerability in org.apache.activemq:artemis-commons (CVE-2020-10727). Confidential information can be exposed externally. Exploitable via ``resetUsers``. Mitigation: upgrade to `2.13.0` or later.
CVE-2020-9488 Vulnerability in org.apache.logging.log4j:log4j (CVE-2020-9488)
vulnerability in org.apache.logging.log4j:log4j (CVE-2020-9488). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.3.2` or later.
CVE-2019-17571 Unsafe Deserialization in log4j:log4j (CVE-2019-17571)
vulnerability in log4j:log4j (CVE-2019-17571). Successful exploitation can lead to full system takeover.
CVE-2017-12174 Vulnerability in apache (CVE-2017-12174)
vulnerability in apache (CVE-2017-12174). Risk of unauthorized operations or information disclosure.
CVE-2017-12626 Vulnerability in org.apache.poi:poi (CVE-2017-12626)
vulnerability in org.apache.poi:poi (CVE-2017-12626). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.17` or later.
CVE-2017-8046 Vulnerability in spring (CVE-2017-8046)
vulnerability in spring (CVE-2017-8046). Successful exploitation can lead to full system takeover.
CVE-2015-3302 Vulnerability in wordpress (CVE-2015-3302)
vulnerability in wordpress (CVE-2015-3302). Confidential information can be exposed externally.
CVE-2017-17916 SQL Injection in rails (CVE-2017-17916)
SQL injection in rails (CVE-2017-17916). Successful exploitation can lead to full system takeover.
CVE-2017-17917 SQL Injection in rails (CVE-2017-17917)
SQL injection in rails (CVE-2017-17917). Successful exploitation can lead to full system takeover.
CVE-2017-17919 SQL Injection in rails (CVE-2017-17919)
SQL injection in rails (CVE-2017-17919). Successful exploitation can lead to full system takeover.
CVE-2017-17920 SQL Injection in rails (CVE-2017-17920)
SQL injection in rails (CVE-2017-17920). Successful exploitation can lead to full system takeover.
CVE-2017-5641 Unsafe Deserialization in apache (CVE-2017-5641)
vulnerability in apache (CVE-2017-5641). Successful exploitation can lead to full system takeover.
CVE-2015-7666 Cross-Site Scripting (XSS) in wordpress (CVE-2015-7666)
cross-site scripting in wordpress (CVE-2015-7666). Risk of unauthorized operations or information disclosure.
CVE-2015-7667 Cross-Site Scripting (XSS) in wordpress (CVE-2015-7667)
cross-site scripting in wordpress (CVE-2015-7667). Risk of unauthorized operations or information disclosure.
CVE-2015-7668 Cross-Site Scripting (XSS) in wordpress (CVE-2015-7668)
cross-site scripting in wordpress (CVE-2015-7668). Risk of unauthorized operations or information disclosure.
CVE-2015-7669 Path Traversal in wordpress (CVE-2015-7669)
path traversal in wordpress (CVE-2015-7669). Successful exploitation can lead to full system takeover.
CVE-2017-17869 The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.
CVE-2011-4955 Cross-Site Scripting (XSS) in wordpress (CVE-2011-4955)
cross-site scripting in wordpress (CVE-2011-4955). Risk of unauthorized operations or information disclosure.
CVE-2017-17780 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17780)
cross-site scripting in wordpress (CVE-2017-17780). Risk of unauthorized operations or information disclosure.
CVE-2017-17719 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17719)
cross-site scripting in wordpress (CVE-2017-17719). Risk of unauthorized operations or information disclosure.
CVE-2017-17744 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17744)
cross-site scripting in wordpress (CVE-2017-17744). Risk of unauthorized operations or information disclosure.
CVE-2017-17753 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17753)
cross-site scripting in wordpress (CVE-2017-17753). Risk of unauthorized operations or information disclosure.
CVE-2017-16949 Unrestricted File Upload in wordpress (CVE-2017-16949)
vulnerability in wordpress (CVE-2017-16949). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →