Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: web-frameworks Clear
ID Title
CVE-2026-13528 Path Traversal in vue (CVE-2026-13528)
path traversal in vue (CVE-2026-13528). Risk of unauthorized operations or information disclosure.
CVE-2026-8095 Vulnerability in wordpress (CVE-2026-8095)
vulnerability in wordpress (CVE-2026-8095). Data can be tampered with by attackers.
CVE-2026-10820 Vulnerability in wordpress (CVE-2026-10820)
vulnerability in wordpress (CVE-2026-10820). Data can be tampered with by attackers.
CVE-2026-52783 Vulnerability in rails (CVE-2026-52783)
vulnerability in rails (CVE-2026-52783). Confidential information can be exposed externally. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-56011 Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
CVE-2025-68063 Vulnerability in wordpress (CVE-2025-68063)
vulnerability in wordpress (CVE-2025-68063). Successful exploitation can lead to full system takeover.
CVE-2026-57915 Vulnerability in apache (CVE-2026-57915)
vulnerability in apache (CVE-2026-57915). Risk of unauthorized operations or information disclosure.
CVE-2026-10823 Vulnerability in wordpress (CVE-2026-10823)
vulnerability in wordpress (CVE-2026-10823). Confidential information can be exposed externally.
CVE-2026-10835 Vulnerability in wordpress (CVE-2026-10835)
vulnerability in wordpress (CVE-2026-10835). Confidential information can be exposed externally.
CVE-2026-49486 Vulnerability in apache (CVE-2026-49486)
vulnerability in apache (CVE-2026-49486). Confidential information can be exposed externally. Exploitable via ``ftplib.FTP_TLS``.
CVE-2026-9702 Vulnerability in wordpress (CVE-2026-9702)
vulnerability in wordpress (CVE-2026-9702). Data can be tampered with by attackers.
CVE-2026-5305 Vulnerability in wordpress (CVE-2026-5305)
vulnerability in wordpress (CVE-2026-5305). Successful exploitation can lead to full system takeover.
CVE-2026-12937 SQL Injection in wordpress (CVE-2026-12937)
SQL injection in wordpress (CVE-2026-12937). Confidential information can be exposed externally.
CVE-2026-12077 SQL Injection in wordpress (CVE-2026-12077)
SQL injection in wordpress (CVE-2026-12077). Confidential information can be exposed externally.
CVE-2026-12242 Code Injection in wordpress (CVE-2026-12242)
code injection in wordpress (CVE-2026-12242). Successful exploitation can lead to full system takeover.
CVE-2026-7761 Vulnerability in wordpress (CVE-2026-7761)
vulnerability in wordpress (CVE-2026-7761). Successful exploitation can lead to full system takeover.
CVE-2026-9710 Vulnerability in wordpress (CVE-2026-9710)
vulnerability in wordpress (CVE-2026-9710). Confidential information can be exposed externally. Exploitable via ``cornerstone``.
CVE-2026-9709 Vulnerability in wordpress (CVE-2026-9709)
vulnerability in wordpress (CVE-2026-9709). Confidential information can be exposed externally. Exploitable via ``cornerstone``.
CVE-2026-9643 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9643)
cross-site scripting in wordpress (CVE-2026-9643). Risk of unauthorized operations or information disclosure. Exploitable via ``wp_wpms_links.link_url``.
CVE-2026-9179 SQL Injection in wordpress (CVE-2026-9179)
SQL injection in wordpress (CVE-2026-9179). Confidential information can be exposed externally.
CVE-2026-9178 Vulnerability in wordpress (CVE-2026-9178)
vulnerability in wordpress (CVE-2026-9178). Confidential information can be exposed externally.
CVE-2026-8705 SQL Injection in wordpress (CVE-2026-8705)
SQL injection in wordpress (CVE-2026-8705). Confidential information can be exposed externally. Exploitable via ``clearsale_total_push``.
CVE-2026-4297 Vulnerability in wordpress (CVE-2026-4297)
vulnerability in wordpress (CVE-2026-4297). Successful exploitation can lead to full system takeover.
CVE-2026-12100 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-12100)
SSRF in wordpress (CVE-2026-12100). Risk of unauthorized operations or information disclosure.
CVE-2026-12095 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-12095)
SSRF in wordpress (CVE-2026-12095). Risk of unauthorized operations or information disclosure.
CVE-2026-10092 Cross-Site Scripting (XSS) in wordpress (CVE-2026-10092)
cross-site scripting in wordpress (CVE-2026-10092). Risk of unauthorized operations or information disclosure.
CVE-2026-10749 Vulnerability in wordpress (CVE-2026-10749)
vulnerability in wordpress (CVE-2026-10749). Successful exploitation can lead to full system takeover.
CVE-2026-10735 Vulnerability in wordpress (CVE-2026-10735)
vulnerability in wordpress (CVE-2026-10735). Confidential information can be exposed externally.
CVE-2026-10091 Cross-Site Scripting (XSS) in wordpress (CVE-2026-10091)
cross-site scripting in wordpress (CVE-2026-10091). Risk of unauthorized operations or information disclosure.
CVE-2026-3652 The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
CVE-2026-8379 Vulnerability in wordpress (CVE-2026-8379)
vulnerability in wordpress (CVE-2026-8379). Confidential information can be exposed externally.
CVE-2026-8172 Vulnerability in wordpress (CVE-2026-8172)
vulnerability in wordpress (CVE-2026-8172). Risk of unauthorized operations or information disclosure.
CVE-2026-8163 Vulnerability in wordpress (CVE-2026-8163)
vulnerability in wordpress (CVE-2026-8163). Successful exploitation can lead to full system takeover.
CVE-2026-48505 Vulnerability in filament/filament (CVE-2026-48505)
vulnerability in filament/filament (CVE-2026-48505). Confidential information can be exposed externally. Mitigation: upgrade to `5.6.5` or later.
CVE-2026-50178 Cross-Site Scripting (XSS) in angular (CVE-2026-50178)
cross-site scripting in angular (CVE-2026-50178). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `21.2.4` or later.
CVE-2026-49241 Cross-Site Scripting (XSS) in angular (CVE-2026-49241)
cross-site scripting in angular (CVE-2026-49241). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `21.2.4` or later.
CVE-2026-44913 Vulnerability in apache (CVE-2026-44913)
vulnerability in apache (CVE-2026-44913). Successful exploitation can lead to full system takeover.
CVE-2026-6858 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6858)
cross-site scripting in wordpress (CVE-2026-6858). Risk of unauthorized operations or information disclosure.
CVE-2026-4259 Cross-Site Scripting (XSS) in wordpress (CVE-2026-4259)
cross-site scripting in wordpress (CVE-2026-4259). Risk of unauthorized operations or information disclosure.
CVE-2026-8157 Privilege Escalation in wordpress (CVE-2026-8157)
vulnerability in wordpress (CVE-2026-8157). Successful exploitation can lead to full system takeover.
CVE-2026-44914 Vulnerability in apache (CVE-2026-44914)
vulnerability in apache (CVE-2026-44914). Successful exploitation can lead to full system takeover.
CVE-2025-66336 SQL Injection in apache (CVE-2025-66336)
SQL injection in apache (CVE-2025-66336). Confidential information can be exposed externally.
CVE-2020-37255 Vulnerability in wordpress (CVE-2020-37255)
vulnerability in wordpress (CVE-2020-37255). Confidential information can be exposed externally.
CVE-2026-11912 Vulnerability in wordpress (CVE-2026-11912)
vulnerability in wordpress (CVE-2026-11912). Data can be tampered with by attackers.
CVE-2026-11911 Path Traversal in wordpress (CVE-2026-11911)
path traversal in wordpress (CVE-2026-11911). Confidential information can be exposed externally.
CVE-2026-9843 Path Traversal in wordpress (CVE-2026-9843)
path traversal in wordpress (CVE-2026-9843). Data can be tampered with by attackers.
CVE-2026-54762 Vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54762)
vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54762). Confidential information can be exposed externally. Exploitable via ``digest``. Mitigation: upgrade to `3.7.5` or later.
CVE-2026-49287 Vulnerability in statamic/cms (CVE-2026-49287)
vulnerability in statamic/cms (CVE-2026-49287). Data can be tampered with by attackers. Mitigation: upgrade to `5.73.23` or later.
CVE-2026-49260 OS Command Injection in pontedilana/php-weasyprint (CVE-2026-49260)
OS command injection in pontedilana/php-weasyprint (CVE-2026-49260). Successful exploitation can lead to full system takeover. Exploitable via ``master``. Mitigation: upgrade to `2.5.1` or later.
CVE-2026-49872 Authentication Bypass in apache (CVE-2026-49872)
authentication bypass in apache (CVE-2026-49872). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →