Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: web-frameworks Clear
ID Title
CVE-2026-44576 Vulnerability in next (CVE-2026-44576)
vulnerability in next (CVE-2026-44576). Risk of unauthorized operations or information disclosure. Exploitable via ``RSC``. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44575 Vulnerability in next (CVE-2026-44575)
vulnerability in next (CVE-2026-44575). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44574 Vulnerability in next (CVE-2026-44574)
vulnerability in next (CVE-2026-44574). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44573 Authorization Flaw in next (CVE-2026-44573)
vulnerability in next (CVE-2026-44573). Confidential information can be exposed externally. Exploitable via ``i18n``. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-43826 Vulnerability in apache-airflow-providers-opensearch (CVE-2026-43826)
vulnerability in apache-airflow-providers-opensearch (CVE-2026-43826). Confidential information can be exposed externally. Exploitable via ``host``. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-41018 Vulnerability in apache-airflow-providers-elasticsearch (CVE-2026-41018)
vulnerability in apache-airflow-providers-elasticsearch (CVE-2026-41018). Confidential information can be exposed externally. Exploitable via ``host``. Mitigation: upgrade to `6.5.3` or later.
CVE-2026-23918 Vulnerability in jvn (CVE-2026-23918)
vulnerability in jvn (CVE-2026-23918). Successful exploitation can lead to full system takeover.
CVE-2026-6433 Vulnerability in wordpress (CVE-2026-6433)
vulnerability in wordpress (CVE-2026-6433). Risk of unauthorized operations or information disclosure.
CVE-2022-50970 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50970)
cross-site scripting in wordpress (CVE-2022-50970). Risk of unauthorized operations or information disclosure.
CVE-2022-50955 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2022-50955)
vulnerability in wordpress (CVE-2022-50955). Risk of unauthorized operations or information disclosure.
CVE-2022-50956 Path Traversal in wordpress (CVE-2022-50956)
path traversal in wordpress (CVE-2022-50956). Confidential information can be exposed externally.
CVE-2022-50958 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50958)
cross-site scripting in wordpress (CVE-2022-50958). Risk of unauthorized operations or information disclosure.
CVE-2022-50959 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50959)
cross-site scripting in wordpress (CVE-2022-50959). Risk of unauthorized operations or information disclosure.
CVE-2022-50960 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50960)
cross-site scripting in wordpress (CVE-2022-50960). Risk of unauthorized operations or information disclosure.
CVE-2022-50961 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50961)
cross-site scripting in wordpress (CVE-2022-50961). Risk of unauthorized operations or information disclosure.
CVE-2022-50957 Cross-Site Scripting (XSS) in drupal (CVE-2022-50957)
cross-site scripting in drupal (CVE-2022-50957). Risk of unauthorized operations or information disclosure.
CVE-2022-50945 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50945)
cross-site scripting in wordpress (CVE-2022-50945). Risk of unauthorized operations or information disclosure.
CVE-2022-50946 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50946)
cross-site scripting in wordpress (CVE-2022-50946). Risk of unauthorized operations or information disclosure.
CVE-2022-50947 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50947)
cross-site scripting in wordpress (CVE-2022-50947). Risk of unauthorized operations or information disclosure.
CVE-2022-50949 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50949)
cross-site scripting in wordpress (CVE-2022-50949). Risk of unauthorized operations or information disclosure.
CVE-2022-50954 Vulnerability in wordpress (CVE-2022-50954)
vulnerability in wordpress (CVE-2022-50954). Confidential information can be exposed externally.
CVE-2021-47948 Vulnerability in wordpress (CVE-2021-47948)
vulnerability in wordpress (CVE-2021-47948). Risk of unauthorized operations or information disclosure.
CVE-2021-47951 Cross-Site Scripting (XSS) in wordpress (CVE-2021-47951)
cross-site scripting in wordpress (CVE-2021-47951). Risk of unauthorized operations or information disclosure.
CVE-2021-47940 Vulnerability in wordpress (CVE-2021-47940)
vulnerability in wordpress (CVE-2021-47940). Successful exploitation can lead to full system takeover.
CVE-2021-47941 SQL Injection in wordpress (CVE-2021-47941)
SQL injection in wordpress (CVE-2021-47941). Confidential information can be exposed externally.
CVE-2021-47932 Vulnerability in wordpress (CVE-2021-47932)
vulnerability in wordpress (CVE-2021-47932). Successful exploitation can lead to full system takeover.
CVE-2021-47933 Vulnerability in wordpress (CVE-2021-47933)
vulnerability in wordpress (CVE-2021-47933). Successful exploitation can lead to full system takeover.
CVE-2021-47927 Cross-Site Scripting (XSS) in wordpress (CVE-2021-47927)
cross-site scripting in wordpress (CVE-2021-47927). Risk of unauthorized operations or information disclosure.
CVE-2026-6722 Use-After-Free in libphp (CVE-2026-6722)
vulnerability in libphp (CVE-2026-6722). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-41893 Vulnerability in signalk-server (CVE-2026-41893)
vulnerability in signalk-server (CVE-2026-41893). Data can be tampered with by attackers. Exploitable via `POST /login`. Mitigation: upgrade to `2.25.0` or later.
CVE-2026-8198 Information Disclosure in wordpress (CVE-2026-8198)
vulnerability in wordpress (CVE-2026-8198). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`.
CVE-2026-7652 Vulnerability in wordpress (CVE-2026-7652)
vulnerability in wordpress (CVE-2026-7652). Risk of unauthorized operations or information disclosure.
CVE-2026-44966 Vulnerability in velocityjs (CVE-2026-44966)
vulnerability in velocityjs (CVE-2026-44966). Risk of unauthorized operations or information disclosure.
CVE-2026-44313 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
CVE-2026-44837 Vulnerability in view_component (CVE-2026-44837)
vulnerability in view_component (CVE-2026-44837). Confidential information can be exposed externally. Exploitable via `GET /_system_test_entrypoint`. Mitigation: upgrade to `4.9.0` or later.
CVE-2026-44836 Vulnerability in view_component (CVE-2026-44836)
vulnerability in view_component (CVE-2026-44836). Confidential information can be exposed externally. Exploitable via `GET /rails/view_components/my_component/render_with_template`. Mitigation: upgrade to `4.9.0` or later.
CVE-2026-44987 Privilege Escalation in django (CVE-2026-44987)
vulnerability in django (CVE-2026-44987). Risk of unauthorized operations or information disclosure.
CVE-2026-42205 Vulnerability in avo (CVE-2026-42205)
vulnerability in avo (CVE-2026-42205). Successful exploitation can lead to full system takeover. Exploitable via `POST /admin/resources/posts/actions`. Mitigation: upgrade to `3.31.2` or later.
CVE-2026-42192 Cross-Site Scripting (XSS) in react (CVE-2026-42192)
cross-site scripting in react (CVE-2026-42192). Risk of unauthorized operations or information disclosure.
CVE-2026-44200 Vulnerability in wagtail (CVE-2026-44200)
vulnerability in wagtail (CVE-2026-44200). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-44201 Vulnerability in wagtail (CVE-2026-44201)
vulnerability in wagtail (CVE-2026-44201). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-44199 Vulnerability in wagtail (CVE-2026-44199)
vulnerability in wagtail (CVE-2026-44199). Data can be tampered with by attackers. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-44198 Vulnerability in wagtail (CVE-2026-44198)
vulnerability in wagtail (CVE-2026-44198). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-44197 Vulnerability in wagtail (CVE-2026-44197)
vulnerability in wagtail (CVE-2026-44197). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-42190 Cross-Site Request Forgery (CSRF) in rwsdk (CVE-2026-42190)
vulnerability in rwsdk (CVE-2026-42190). Data can be tampered with by attackers. Exploitable via ``rwsdk``. Mitigation: upgrade to `1.2.3` or later.
CVE-2026-42353 Path Traversal in i18next-http-middleware (CVE-2026-42353)
path traversal in i18next-http-middleware (CVE-2026-42353). Confidential information can be exposed externally. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-41683 Vulnerability in i18next-http-middleware (CVE-2026-41683)
vulnerability in i18next-http-middleware (CVE-2026-41683). Data can be tampered with by attackers. Exploitable via ``i18next``. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-41690 Vulnerability in i18next-http-middleware (CVE-2026-41690)
vulnerability in i18next-http-middleware (CVE-2026-41690). Data can be tampered with by attackers. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-40295 Open Redirect in devise (CVE-2026-40295)
vulnerability in devise (CVE-2026-40295). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `5.0.4` or later.
CVE-2026-41524 Cross-Site Scripting (XSS) in laravel (CVE-2026-41524)
cross-site scripting in laravel (CVE-2026-41524). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →