Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: web-frameworks Clear
ID Title
CVE-2026-50203 Path Traversal in apache-airflow-providers-sftp (CVE-2026-50203)
path traversal in apache-airflow-providers-sftp (CVE-2026-50203). Confidential information can be exposed externally. Exploitable via ``SFTPHook.retrieve_directory``. Mitigation: upgrade to `5.8.1` or later.
CVE-2026-32967 Authorization Flaw in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32967)
vulnerability in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32967). Confidential information can be exposed externally. Mitigation: upgrade to `3.4.2` or later.
CVE-2026-32966 Authorization Flaw in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32966)
vulnerability in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32966). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.4.2` or later.
CVE-2026-25470 Code Injection in wordpress (CVE-2026-25470)
code injection in wordpress (CVE-2026-25470). Successful exploitation can lead to full system takeover.
CVE-2025-69129 Unrestricted File Upload in wordpress (CVE-2025-69129)
vulnerability in wordpress (CVE-2025-69129). Successful exploitation can lead to full system takeover.
CVE-2026-52715 Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
CVE-2026-48714 Vulnerability in i18next-http-middleware (CVE-2026-48714)
vulnerability in i18next-http-middleware (CVE-2026-48714). Data can be tampered with by attackers. Exploitable via ``missingKeyHandler``. Mitigation: upgrade to `3.9.7` or later.
CVE-2026-49776 SQL Injection in wordpress (CVE-2026-49776)
SQL injection in wordpress (CVE-2026-49776). Confidential information can be exposed externally.
CVE-2026-39591 Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
CVE-2018-25436 Unrestricted File Upload in wordpress (CVE-2018-25436)
vulnerability in wordpress (CVE-2018-25436). Successful exploitation can lead to full system takeover.
CVE-2026-8935 Vulnerability in wordpress (CVE-2026-8935)
vulnerability in wordpress (CVE-2026-8935). Successful exploitation can lead to full system takeover.
CVE-2026-50628 Vulnerability in apache (CVE-2026-50628)
vulnerability in apache (CVE-2026-50628). Successful exploitation can lead to full system takeover.
CVE-2026-50627 Vulnerability in apache (CVE-2026-50627)
vulnerability in apache (CVE-2026-50627). Successful exploitation can lead to full system takeover.
CVE-2026-49875 XXE (XML External Entity) in apache (CVE-2026-49875)
vulnerability in apache (CVE-2026-49875). Successful exploitation can lead to full system takeover.
CVE-2026-47365 Vulnerability in wordpress (CVE-2026-47365)
vulnerability in wordpress (CVE-2026-47365). Successful exploitation can lead to full system takeover.
CVE-2026-45558 Vulnerability in c (CVE-2026-45558)
vulnerability in c (CVE-2026-45558). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/service/haproxy/`.
CVE-2026-45556 Vulnerability in nginx (CVE-2026-45556)
vulnerability in nginx (CVE-2026-45556). Successful exploitation can lead to full system takeover. Exploitable via `POST /waf/`.
CVE-2026-45552 Vulnerability in nginx (CVE-2026-45552)
vulnerability in nginx (CVE-2026-45552). Successful exploitation can lead to full system takeover.
CVE-2026-45550 Vulnerability in nginx (CVE-2026-45550)
vulnerability in nginx (CVE-2026-45550). Data can be tampered with by attackers. Exploitable via `PUT /smon/check`.
CVE-2025-6254 Privilege Escalation in wordpress (CVE-2025-6254)
vulnerability in wordpress (CVE-2025-6254). Successful exploitation can lead to full system takeover.
CVE-2026-9067 Unrestricted File Upload in wordpress (CVE-2026-9067)
vulnerability in wordpress (CVE-2026-9067). Confidential information can be exposed externally.
CVE-2017-20251 Code Injection in wordpress (CVE-2017-20251)
code injection in wordpress (CVE-2017-20251). Successful exploitation can lead to full system takeover.
CVE-2026-44631 Vulnerability in apache (CVE-2026-44631)
vulnerability in apache (CVE-2026-44631). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.4.68` or later.
CVE-2026-42535 Vulnerability in apache (CVE-2026-42535)
vulnerability in apache (CVE-2026-42535). Data can be tampered with by attackers. Mitigation: upgrade to `2.4.68` or later.
CVE-2026-29167 Use-After-Free in apache (CVE-2026-29167)
vulnerability in apache (CVE-2026-29167). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.4.68` or later.
CVE-2024-58348 Unrestricted File Upload in wordpress (CVE-2024-58348)
vulnerability in wordpress (CVE-2024-58348). Successful exploitation can lead to full system takeover.
CVE-2023-54352 Vulnerability in wordpress (CVE-2023-54352)
vulnerability in wordpress (CVE-2023-54352). Successful exploitation can lead to full system takeover.
CVE-2024-58349 Unrestricted File Upload in wordpress (CVE-2024-58349)
vulnerability in wordpress (CVE-2024-58349). Successful exploitation can lead to full system takeover.
CVE-2026-10580 Vulnerability in wordpress (CVE-2026-10580)
vulnerability in wordpress (CVE-2026-10580). Successful exploitation can lead to full system takeover.
CVE-2026-50076 Unsafe Deserialization in apache (CVE-2026-50076)
vulnerability in apache (CVE-2026-50076). Confidential information can be exposed externally.
CVE-2019-25738 Vulnerability in wordpress (CVE-2019-25738)
vulnerability in wordpress (CVE-2019-25738). Successful exploitation can lead to full system takeover.
CVE-2019-25727 Path Traversal in wordpress (CVE-2019-25727)
path traversal in wordpress (CVE-2019-25727). Successful exploitation can lead to full system takeover.
CVE-2026-47065 Unsafe Deserialization in apache (CVE-2026-47065)
vulnerability in apache (CVE-2026-47065). Successful exploitation can lead to full system takeover.
CVE-2026-5076 Authentication Bypass in wordpress (CVE-2026-5076)
authentication bypass in wordpress (CVE-2026-5076). Successful exploitation can lead to full system takeover. Exploitable via ``arm_reset_password_key``.
CVE-2026-8206 Privilege Escalation in wordpress (CVE-2026-8206)
vulnerability in wordpress (CVE-2026-8206). Successful exploitation can lead to full system takeover.
CVE-2026-42252 Vulnerability in apache-airflow (CVE-2026-42252)
vulnerability in apache-airflow (CVE-2026-42252). Confidential information can be exposed externally. Exploitable via ``Dag.can_trigger``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-4290 Vulnerability in wordpress (CVE-2026-4290)
vulnerability in wordpress (CVE-2026-4290). Data can be tampered with by attackers.
CVE-2026-3655 Authentication Bypass in wordpress (CVE-2026-3655)
authentication bypass in wordpress (CVE-2026-3655). Successful exploitation can lead to full system takeover. Exploitable via ``lwp_ajax_register``.
CVE-2026-8732 Vulnerability in wordpress (CVE-2026-8732)
vulnerability in wordpress (CVE-2026-8732). Successful exploitation can lead to full system takeover.
CVE-2026-8809 Privilege Escalation in wordpress (CVE-2026-8809)
vulnerability in wordpress (CVE-2026-8809). Successful exploitation can lead to full system takeover.
CVE-2026-8760 Vulnerability in wordpress (CVE-2026-8760)
vulnerability in wordpress (CVE-2026-8760). Successful exploitation can lead to full system takeover.
CVE-2026-48904 Vulnerability in joomla (CVE-2026-48904)
vulnerability in joomla (CVE-2026-48904). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
CVE-2026-48902 Vulnerability in joomla (CVE-2026-48902)
vulnerability in joomla (CVE-2026-48902). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
CVE-2026-48899 Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
CVE-2026-48898 Joomla! Core - [20260513] - Privilege escalation through com_users batch task
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
CVE-2026-40383 Joomla! Core - [20260509] - LFI in HTMLView layout parameter
Joomla! Core - [20260509] - LFI in HTMLView layout parameter
CVE-2026-35223 Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints
Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints
CVE-2026-35221 SQL Injection in joomla (CVE-2026-35221)
SQL injection in joomla (CVE-2026-35221). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
CVE-2026-35222 Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
CVE-2026-44930 Vulnerability in org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap (CVE-2026-44930)
vulnerability in org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap (CVE-2026-44930). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.6.11` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →