Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: web-frameworks Clear
ID Title
CVE-2017-12651 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2017-12651)
vulnerability in wordpress (CVE-2017-12651). Successful exploitation can lead to full system takeover. Exploitable via `Referer header`.
CVE-2015-7875 Vulnerability in drupal (CVE-2015-7875)
vulnerability in drupal (CVE-2015-7875). Data can be tampered with by attackers.
CVE-2017-9801 Vulnerability in apache (CVE-2017-9801)
vulnerability in apache (CVE-2017-9801). Data can be tampered with by attackers.
CVE-2017-7916 Vulnerability in react (CVE-2017-7916)
vulnerability in react (CVE-2017-7916). Confidential information can be exposed externally.
CVE-2017-7920 Authentication Bypass in react (CVE-2017-7920)
authentication bypass in react (CVE-2017-7920). Confidential information can be exposed externally.
CVE-2017-6747 Authentication Bypass in express (CVE-2017-6747)
authentication bypass in express (CVE-2017-6747). Successful exploitation can lead to full system takeover.
CVE-2017-11364 Vulnerability in joomla (CVE-2017-11364)
vulnerability in joomla (CVE-2017-11364). Successful exploitation can lead to full system takeover.
CVE-2017-12199 SQL Injection in wordpress (CVE-2017-12199)
SQL injection in wordpress (CVE-2017-12199). Successful exploitation can lead to full system takeover.
CVE-2017-12200 Cross-Site Scripting (XSS) in wordpress (CVE-2017-12200)
cross-site scripting in wordpress (CVE-2017-12200). Risk of unauthorized operations or information disclosure.
CVE-2017-12068 Cross-Site Scripting (XSS) in wordpress (CVE-2017-12068)
cross-site scripting in wordpress (CVE-2017-12068). Risk of unauthorized operations or information disclosure.
CVE-2017-12131 Cross-Site Scripting (XSS) in wordpress (CVE-2017-12131)
cross-site scripting in wordpress (CVE-2017-12131). Risk of unauthorized operations or information disclosure.
CVE-2017-11726 Cross-Site Request Forgery (CSRF) in rails (CVE-2017-11726)
vulnerability in rails (CVE-2017-11726). Successful exploitation can lead to full system takeover.
CVE-2017-11727 Cross-Site Scripting (XSS) in rails (CVE-2017-11727)
cross-site scripting in rails (CVE-2017-11727). Risk of unauthorized operations or information disclosure.
CVE-2017-11694 Vulnerability in apache (CVE-2017-11694)
vulnerability in apache (CVE-2017-11694). Confidential information can be exposed externally.
CVE-2016-0736 Vulnerability in apache (CVE-2016-0736)
vulnerability in apache (CVE-2016-0736). Confidential information can be exposed externally.
CVE-2016-2161 Vulnerability in apache (CVE-2016-2161)
vulnerability in apache (CVE-2016-2161). Risk of unauthorized operations or information disclosure.
CVE-2016-8743 Vulnerability in apache (CVE-2016-8743)
vulnerability in apache (CVE-2016-8743). Data can be tampered with by attackers.
CVE-2017-7659 Vulnerability in apache (CVE-2017-7659)
vulnerability in apache (CVE-2017-7659). Risk of unauthorized operations or information disclosure.
CVE-2017-11658 Path Traversal in wordpress (CVE-2017-11658)
path traversal in wordpress (CVE-2017-11658). Confidential information can be exposed externally.
CVE-2017-11612 Cross-Site Scripting (XSS) in joomla (CVE-2017-11612)
cross-site scripting in joomla (CVE-2017-11612). Risk of unauthorized operations or information disclosure.
CVE-2015-3421 Cross-Site Scripting (XSS) in wordpress (CVE-2015-3421)
cross-site scripting in wordpress (CVE-2015-3421). Risk of unauthorized operations or information disclosure.
CVE-2016-5394 Cross-Site Scripting (XSS) in apache (CVE-2016-5394)
cross-site scripting in apache (CVE-2016-5394). Risk of unauthorized operations or information disclosure.
CVE-2016-6798 XXE (XML External Entity) in apache (CVE-2016-6798)
vulnerability in apache (CVE-2016-6798). Successful exploitation can lead to full system takeover.
CVE-2017-9933 Information Disclosure in joomla (CVE-2017-9933)
vulnerability in joomla (CVE-2017-9933). Confidential information can be exposed externally.
CVE-2017-9934 Cross-Site Scripting (XSS) in csrf (CVE-2017-9934)
cross-site scripting in csrf (CVE-2017-9934). Risk of unauthorized operations or information disclosure.
CVE-2017-7685 Vulnerability in apache (CVE-2017-7685)
vulnerability in apache (CVE-2017-7685). Risk of unauthorized operations or information disclosure.
CVE-2017-7688 Apache OpenMeetings 1.0.0 updates user password in insecure manner.
Apache OpenMeetings 1.0.0 updates user password in insecure manner.
CVE-2017-7663 Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.
Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.
CVE-2017-7664 Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
CVE-2017-7666 Cross-Site Scripting (XSS) in apache (CVE-2017-7666)
cross-site scripting in apache (CVE-2017-7666). Successful exploitation can lead to full system takeover.
CVE-2017-7673 Vulnerability in apache (CVE-2017-7673)
vulnerability in apache (CVE-2017-7673). Successful exploitation can lead to full system takeover.
CVE-2017-7680 Vulnerability in apache (CVE-2017-7680)
vulnerability in apache (CVE-2017-7680). Data can be tampered with by attackers.
CVE-2017-7681 SQL Injection in apache (CVE-2017-7681)
SQL injection in apache (CVE-2017-7681). Successful exploitation can lead to full system takeover.
CVE-2017-7682 Vulnerability in apache (CVE-2017-7682)
vulnerability in apache (CVE-2017-7682). Data can be tampered with by attackers.
CVE-2017-7683 Information Disclosure in apache (CVE-2017-7683)
vulnerability in apache (CVE-2017-7683). Confidential information can be exposed externally.
CVE-2017-7684 Vulnerability in apache (CVE-2017-7684)
vulnerability in apache (CVE-2017-7684). Risk of unauthorized operations or information disclosure.
CVE-2017-1000033 Cross-Site Scripting (XSS) in wordpress (CVE-2017-1000033)
cross-site scripting in wordpress (CVE-2017-1000033). Risk of unauthorized operations or information disclosure.
CVE-2017-1000038 Cross-Site Scripting (XSS) in wordpress (CVE-2017-1000038)
cross-site scripting in wordpress (CVE-2017-1000038). Risk of unauthorized operations or information disclosure.
CVE-2016-6312 Vulnerability in apache (CVE-2016-6312)
vulnerability in apache (CVE-2016-6312). Risk of unauthorized operations or information disclosure.
CVE-2016-6793 Unsafe Deserialization in apache (CVE-2016-6793)
vulnerability in apache (CVE-2016-6793). Data can be tampered with by attackers.
CVE-2015-0249 Code Injection in apache (CVE-2015-0249)
code injection in apache (CVE-2015-0249). Successful exploitation can lead to full system takeover.
CVE-2017-9788 Vulnerability in apache (CVE-2017-9788)
vulnerability in apache (CVE-2017-9788). Confidential information can be exposed externally. Exploitable via `Authorization header`.
CVE-2017-9789 Use-After-Free in apache (CVE-2017-9789)
vulnerability in apache (CVE-2017-9789). Risk of unauthorized operations or information disclosure.
CVE-2017-7672 Vulnerability in apache (CVE-2017-7672)
vulnerability in apache (CVE-2017-7672). Risk of unauthorized operations or information disclosure.
CVE-2017-9787 Vulnerability in apache (CVE-2017-9787)
vulnerability in apache (CVE-2017-9787). Risk of unauthorized operations or information disclosure.
CVE-2017-7529 Vulnerability in nginx (CVE-2017-7529)
vulnerability in nginx (CVE-2017-7529). Confidential information can be exposed externally.
CVE-2017-7678 Cross-Site Scripting (XSS) in apache (CVE-2017-7678)
cross-site scripting in apache (CVE-2017-7678). Risk of unauthorized operations or information disclosure.
CVE-2017-5640 Authentication Bypass in apache (CVE-2017-5640)
authentication bypass in apache (CVE-2017-5640). Successful exploitation can lead to full system takeover.
CVE-2017-5652 Vulnerability in apache (CVE-2017-5652)
vulnerability in apache (CVE-2017-5652). Confidential information can be exposed externally.
CVE-2017-7670 Vulnerability in apache (CVE-2017-7670)
vulnerability in apache (CVE-2017-7670). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →