Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: web-frameworks Clear
ID Title
CVE-2017-12613 Out-of-Bounds Read in apache (CVE-2017-12613)
vulnerability in apache (CVE-2017-12613). Confidential information can be exposed externally.
CVE-2015-5533 SQL Injection in wordpress (CVE-2015-5533)
SQL injection in wordpress (CVE-2015-5533). Successful exploitation can lead to full system takeover.
CVE-2010-2232 Vulnerability in apache (CVE-2010-2232)
vulnerability in apache (CVE-2010-2232). Data can be tampered with by attackers.
CVE-2017-12628 Unsafe Deserialization in apache (CVE-2017-12628)
vulnerability in apache (CVE-2017-12628). Successful exploitation can lead to full system takeover.
CVE-2015-6668 Information Disclosure in wordpress (CVE-2015-6668)
vulnerability in wordpress (CVE-2015-6668). Confidential information can be exposed externally.
CVE-2017-5635 Authentication Bypass in apache (CVE-2017-5635)
authentication bypass in apache (CVE-2017-5635). Confidential information can be exposed externally.
CVE-2012-6707 Vulnerability in wordpress (CVE-2012-6707)
vulnerability in wordpress (CVE-2012-6707). Confidential information can be exposed externally.
CVE-2015-5227 Vulnerability in wordpress (CVE-2015-5227)
vulnerability in wordpress (CVE-2015-5227). Successful exploitation can lead to full system takeover.
CVE-2016-4461 Vulnerability in apache (CVE-2016-4461)
vulnerability in apache (CVE-2016-4461). Successful exploitation can lead to full system takeover.
CVE-2017-10619 Vulnerability in express (CVE-2017-10619)
vulnerability in express (CVE-2017-10619). Risk of unauthorized operations or information disclosure.
CVE-2017-5637 Vulnerability in apache (CVE-2017-5637)
vulnerability in apache (CVE-2017-5637). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.4.10` or later.
CVE-2015-2673 Vulnerability in wordpress (CVE-2015-2673)
vulnerability in wordpress (CVE-2015-2673). Successful exploitation can lead to full system takeover.
CVE-2017-15079 Path Traversal in wordpress (CVE-2017-15079)
path traversal in wordpress (CVE-2017-15079). Confidential information can be exposed externally.
CVE-2017-14848 SQL Injection in wordpress (CVE-2017-14848)
SQL injection in wordpress (CVE-2017-14848). Successful exploitation can lead to full system takeover.
CVE-2016-6806 Cross-Site Request Forgery (CSRF) in apache (CVE-2016-6806)
vulnerability in apache (CVE-2016-6806). Successful exploitation can lead to full system takeover. Exploitable via `Referer header`.
CVE-2017-13989 Vulnerability in express (CVE-2017-13989)
vulnerability in express (CVE-2017-13989). Confidential information can be exposed externally.
CVE-2015-9233 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2015-9233)
vulnerability in wordpress (CVE-2015-9233). Successful exploitation can lead to full system takeover.
CVE-2015-9234 SQL Injection in wordpress (CVE-2015-9234)
SQL injection in wordpress (CVE-2015-9234). Successful exploitation can lead to full system takeover.
CVE-2016-4434 XXE (XML External Entity) in apache (CVE-2016-4434)
vulnerability in apache (CVE-2016-4434). Successful exploitation can lead to full system takeover.
CVE-2017-7687 Vulnerability in apache (CVE-2017-7687)
vulnerability in apache (CVE-2017-7687). Risk of unauthorized operations or information disclosure.
CVE-2017-9790 Use-After-Free in apache (CVE-2017-9790)
vulnerability in apache (CVE-2017-9790). Risk of unauthorized operations or information disclosure.
CVE-2017-14842 SQL Injection in wordpress (CVE-2017-14842)
SQL injection in wordpress (CVE-2017-14842). Successful exploitation can lead to full system takeover.
CVE-2017-14843 Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14844 Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
CVE-2017-14845 Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.
Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14846 Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.
Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14847 Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-2551 Vulnerability in wordpress (CVE-2017-2551)
vulnerability in wordpress (CVE-2017-2551). Confidential information can be exposed externally.
CVE-2017-14766 Authentication Bypass in wordpress (CVE-2017-14766)
authentication bypass in wordpress (CVE-2017-14766). Data can be tampered with by attackers.
CVE-2017-14704 Unrestricted File Upload in laravel (CVE-2017-14704)
vulnerability in laravel (CVE-2017-14704). Successful exploitation can lead to full system takeover.
CVE-2017-14719 Path Traversal in wordpress (CVE-2017-14719)
path traversal in wordpress (CVE-2017-14719). Confidential information can be exposed externally.
CVE-2017-14722 Path Traversal in wordpress (CVE-2017-14722)
path traversal in wordpress (CVE-2017-14722). Confidential information can be exposed externally.
CVE-2017-9793 Vulnerability in apache (CVE-2017-9793)
vulnerability in apache (CVE-2017-9793). Risk of unauthorized operations or information disclosure.
CVE-2017-9804 Vulnerability in apache (CVE-2017-9804)
vulnerability in apache (CVE-2017-9804). Risk of unauthorized operations or information disclosure.
CVE-2015-4089 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2015-4089)
vulnerability in wordpress (CVE-2015-4089). Successful exploitation can lead to full system takeover.
CVE-2017-12616 Information Disclosure in apache (CVE-2017-12616)
vulnerability in apache (CVE-2017-12616). Confidential information can be exposed externally.
CVE-2017-9803 Authentication Bypass in apache (CVE-2017-9803)
authentication bypass in apache (CVE-2017-9803). Successful exploitation can lead to full system takeover.
CVE-2017-9798 Use-After-Free in c (CVE-2017-9798)
vulnerability in c (CVE-2017-9798). Confidential information can be exposed externally.
CVE-2017-14530 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2017-14530)
vulnerability in wordpress (CVE-2017-14530). Successful exploitation can lead to full system takeover.
CVE-2014-7808 Vulnerability in apache (CVE-2014-7808)
vulnerability in apache (CVE-2014-7808). Confidential information can be exposed externally.
CVE-2017-2299 Vulnerability in apache (CVE-2017-2299)
vulnerability in apache (CVE-2017-2299). Confidential information can be exposed externally. Exploitable via ``ssl_ca``.
CVE-2017-1002025 SQL Injection in wordpress (CVE-2017-1002025)
SQL injection in wordpress (CVE-2017-1002025). Successful exploitation can lead to full system takeover.
CVE-2017-1002026 SQL Injection in wordpress (CVE-2017-1002026)
SQL injection in wordpress (CVE-2017-1002026). Successful exploitation can lead to full system takeover.
CVE-2017-1002004 SQL Injection in wordpress (CVE-2017-1002004)
SQL injection in wordpress (CVE-2017-1002004). Data can be tampered with by attackers.
CVE-2017-1002005 SQL Injection in wordpress (CVE-2017-1002005)
SQL injection in wordpress (CVE-2017-1002005). Data can be tampered with by attackers.
CVE-2017-1002006 Vulnerability in wordpress (CVE-2017-1002006)
vulnerability in wordpress (CVE-2017-1002006). Data can be tampered with by attackers.
CVE-2017-1002007 Vulnerability in wordpress (CVE-2017-1002007)
vulnerability in wordpress (CVE-2017-1002007). Data can be tampered with by attackers.
CVE-2016-8737 Cross-Site Request Forgery (CSRF) in apache (CVE-2016-8737)
vulnerability in apache (CVE-2016-8737). Successful exploitation can lead to full system takeover.
CVE-2016-8744 Unsafe Deserialization in apache (CVE-2016-8744)
vulnerability in apache (CVE-2016-8744). Successful exploitation can lead to full system takeover.
CVE-2017-12612 Unsafe Deserialization in apache (CVE-2017-12612)
vulnerability in apache (CVE-2017-12612). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →