Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: web-frameworks Clear
ID Title
CVE-2026-58480 Unrestricted File Upload in wordpress (CVE-2026-58480)
vulnerability in wordpress (CVE-2026-58480). Successful exploitation can lead to full system takeover.
CVE-2026-41042 Vulnerability in apache (CVE-2026-41042)
vulnerability in apache (CVE-2026-41042). Confidential information can be exposed externally.
CVE-2026-12153 Vulnerability in wordpress (CVE-2026-12153)
vulnerability in wordpress (CVE-2026-12153). Successful exploitation can lead to full system takeover.
CVE-2026-9701 Vulnerability in wordpress (CVE-2026-9701)
vulnerability in wordpress (CVE-2026-9701). Successful exploitation can lead to full system takeover. Exploitable via ``eventer_verification_code``.
CVE-2026-14487 Path Traversal in wordpress (CVE-2026-14487)
path traversal in wordpress (CVE-2026-14487). Data can be tampered with by attackers.
CVE-2026-33264 Unsafe Deserialization in apache (CVE-2026-33264)
vulnerability in apache (CVE-2026-33264). Successful exploitation can lead to full system takeover.
CVE-2026-12375 Vulnerability in wordpress (CVE-2026-12375)
vulnerability in wordpress (CVE-2026-12375). Successful exploitation can lead to full system takeover.
CVE-2026-4375 Vulnerability in wordpress (CVE-2026-4375)
vulnerability in wordpress (CVE-2026-4375). Successful exploitation can lead to full system takeover.
CVE-2026-14345 Unrestricted File Upload in wordpress (CVE-2026-14345)
vulnerability in wordpress (CVE-2026-14345). Successful exploitation can lead to full system takeover.
CVE-2026-56140 Vulnerability in apache (CVE-2026-56140)
vulnerability in apache (CVE-2026-56140). Successful exploitation can lead to full system takeover.
CVE-2026-53913 Authentication Bypass in apache (CVE-2026-53913)
authentication bypass in apache (CVE-2026-53913). Successful exploitation can lead to full system takeover.
CVE-2026-48205 Vulnerability in apache (CVE-2026-48205)
vulnerability in apache (CVE-2026-48205). Confidential information can be exposed externally.
CVE-2026-48204 Vulnerability in apache (CVE-2026-48204)
vulnerability in apache (CVE-2026-48204). Successful exploitation can lead to full system takeover.
CVE-2026-46456 Vulnerability in apache (CVE-2026-46456)
vulnerability in apache (CVE-2026-46456). Successful exploitation can lead to full system takeover.
CVE-2026-48203 Vulnerability in apache (CVE-2026-48203)
vulnerability in apache (CVE-2026-48203). Confidential information can be exposed externally.
CVE-2026-43867 Unsafe Deserialization in apache (CVE-2026-43867)
vulnerability in apache (CVE-2026-43867). Successful exploitation can lead to full system takeover.
CVE-2026-46454 Vulnerability in apache (CVE-2026-46454)
vulnerability in apache (CVE-2026-46454). Successful exploitation can lead to full system takeover.
CVE-2026-40047 Vulnerability in apache (CVE-2026-40047)
vulnerability in apache (CVE-2026-40047). Confidential information can be exposed externally. Exploitable via ``docling``.
CVE-2026-24014 Vulnerability in apache (CVE-2026-24014)
vulnerability in apache (CVE-2026-24014). Successful exploitation can lead to full system takeover.
CVE-2026-46455 Vulnerability in apache (CVE-2026-46455)
vulnerability in apache (CVE-2026-46455). Successful exploitation can lead to full system takeover.
CVE-2026-24013 Vulnerability in apache (CVE-2026-24013)
vulnerability in apache (CVE-2026-24013). Confidential information can be exposed externally.
CVE-2026-6382 Vulnerability in wordpress (CVE-2026-6382)
vulnerability in wordpress (CVE-2026-6382). Successful exploitation can lead to full system takeover.
CVE-2026-47898 XXE (XML External Entity) in csharp (CVE-2026-47898)
vulnerability in csharp (CVE-2026-47898). Successful exploitation can lead to full system takeover.
CVE-2026-9725 Path Traversal in wordpress (CVE-2026-9725)
path traversal in wordpress (CVE-2026-9725). Data can be tampered with by attackers.
CVE-2026-5524 Unrestricted File Upload in wordpress (CVE-2026-5524)
vulnerability in wordpress (CVE-2026-5524). Successful exploitation can lead to full system takeover.
CVE-2026-11387 Authentication Bypass in wordpress (CVE-2026-11387)
authentication bypass in wordpress (CVE-2026-11387). Successful exploitation can lead to full system takeover.
CVE-2026-6070 Vulnerability in wordpress (CVE-2026-6070)
vulnerability in wordpress (CVE-2026-6070). Data can be tampered with by attackers.
CVE-2026-56278 Vulnerability in express (CVE-2026-56278)
vulnerability in express (CVE-2026-56278). Confidential information can be exposed externally.
CVE-2026-6556 Vulnerability in express (CVE-2026-6556)
vulnerability in express (CVE-2026-6556). Confidential information can be exposed externally.
CVE-2026-9711 SQL Injection in wordpress (CVE-2026-9711)
SQL injection in wordpress (CVE-2026-9711). Successful exploitation can lead to full system takeover.
CVE-2026-12073 Vulnerability in wordpress (CVE-2026-12073)
vulnerability in wordpress (CVE-2026-12073). Successful exploitation can lead to full system takeover. Exploitable via ``user_login``.
CVE-2026-53434 Vulnerability in apache (CVE-2026-53434)
vulnerability in apache (CVE-2026-53434). Confidential information can be exposed externally.
CVE-2026-55276 Vulnerability in apache (CVE-2026-55276)
vulnerability in apache (CVE-2026-55276). Confidential information can be exposed externally.
CVE-2026-12415 Privilege Escalation in wordpress (CVE-2026-12415)
vulnerability in wordpress (CVE-2026-12415). Successful exploitation can lead to full system takeover.
CVE-2026-46386 Unsafe Deserialization in rails (CVE-2026-46386)
vulnerability in rails (CVE-2026-46386). Successful exploitation can lead to full system takeover.
CVE-2025-55017 Path Traversal in apache (CVE-2025-55017)
path traversal in apache (CVE-2025-55017). Confidential information can be exposed externally.
CVE-2025-64152 Path Traversal in apache (CVE-2025-64152)
path traversal in apache (CVE-2025-64152). Confidential information can be exposed externally.
CVE-2026-12416 Vulnerability in wordpress (CVE-2026-12416)
vulnerability in wordpress (CVE-2026-12416). Successful exploitation can lead to full system takeover. Exploitable via ``reset_activation_code``.
CVE-2026-12417 Vulnerability in wordpress (CVE-2026-12417)
vulnerability in wordpress (CVE-2026-12417). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_pravel_change_password``.
CVE-2019-25763 Vulnerability in wordpress (CVE-2019-25763)
vulnerability in wordpress (CVE-2019-25763). Successful exploitation can lead to full system takeover.
CVE-2026-11551 Vulnerability in wordpress (CVE-2026-11551)
vulnerability in wordpress (CVE-2026-11551). Successful exploitation can lead to full system takeover.
CVE-2026-49230 Vulnerability in apache (CVE-2026-49230)
vulnerability in apache (CVE-2026-49230). Confidential information can be exposed externally.
CVE-2026-49871 Cross-Site Request Forgery (CSRF) in apache (CVE-2026-49871)
vulnerability in apache (CVE-2026-49871). Confidential information can be exposed externally.
CVE-2026-44087 Vulnerability in apache (CVE-2026-44087)
vulnerability in apache (CVE-2026-44087). Confidential information can be exposed externally.
CVE-2026-39999 Vulnerability in apache (CVE-2026-39999)
vulnerability in apache (CVE-2026-39999). Confidential information can be exposed externally.
CVE-2026-8713 Path Traversal in wordpress (CVE-2026-8713)
path traversal in wordpress (CVE-2026-8713). Data can be tampered with by attackers.
CVE-2026-7515 Vulnerability in wordpress (CVE-2026-7515)
vulnerability in wordpress (CVE-2026-7515). Successful exploitation can lead to full system takeover. Exploitable via ``doc_style``.
CVE-2026-12048 Cross-Site Scripting (XSS) in react (CVE-2026-12048)
cross-site scripting in react (CVE-2026-12048). Confidential information can be exposed externally.
CVE-2026-12046 Vulnerability in flask (CVE-2026-12046)
vulnerability in flask (CVE-2026-12046). Successful exploitation can lead to full system takeover. Exploitable via `DELETE /sqleditor/close/`.
CVE-2026-49257 Vulnerability in mcp-pinot-server (CVE-2026-49257)
vulnerability in mcp-pinot-server (CVE-2026-49257). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`. Mitigation: upgrade to `3.1.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →