Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: web-frameworks Clear
ID Title
CVE-2024-11406 Cross-Site Scripting (XSS) in djangocms-attributes-field (CVE-2024-11406)
cross-site scripting in djangocms-attributes-field (CVE-2024-11406). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.0` or later.
CVE-2024-11319 Cross-Site Scripting (XSS) in django-cms (CVE-2024-11319)
cross-site scripting in django-cms (CVE-2024-11319). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.4` or later.
CVE-2023-50780 Vulnerability in apache (CVE-2023-50780)
vulnerability in apache (CVE-2023-50780). Successful exploitation can lead to full system takeover.
CVE-2024-27348 KEV [KEV] Vulnerability in Apache hugegraph-server (CVE-2024-27348)
vulnerability in Apache hugegraph-server (CVE-2024-27348). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-38856 KEV [KEV] Authorization Flaw in Apache ofbiz (CVE-2024-38856)
vulnerability in Apache ofbiz (CVE-2024-38856). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-32113 KEV [KEV] Path Traversal in Apache ofbiz (CVE-2024-32113)
path traversal in Apache ofbiz (CVE-2024-32113). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-17519 KEV [KEV] Vulnerability in Apache flink (CVE-2020-17519)
vulnerability in Apache flink (CVE-2020-17519). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-21490 Vulnerability in angular (CVE-2024-21490)
vulnerability in angular (CVE-2024-21490). Risk of unauthorized operations or information disclosure.
CVE-2023-51702 Vulnerability in apache (CVE-2023-51702)
vulnerability in apache (CVE-2023-51702). Confidential information can be exposed externally.
CVE-2018-15133 KEV [KEV] Unsafe Deserialization in laravel (CVE-2018-15133)
vulnerability in laravel (CVE-2018-15133). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-23752 KEV [KEV] Vulnerability in Joomla! joomla (CVE-2023-23752)
vulnerability in Joomla! joomla (CVE-2023-23752). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-27524 KEV [KEV] Vulnerability in Apache superset (CVE-2023-27524)
vulnerability in Apache superset (CVE-2023-27524). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-0241 Vulnerability in rails (CVE-2024-0241)
vulnerability in rails (CVE-2024-0241). Risk of unauthorized operations or information disclosure.
CVE-2023-48795 Vulnerability in russh (CVE-2023-48795)
vulnerability in russh (CVE-2023-48795). Data can be tampered with by attackers. Mitigation: upgrade to `0.40.2` or later.
CVE-2023-46604 KEV [KEV] Unsafe Deserialization in Apache activemq (CVE-2023-46604)
vulnerability in Apache activemq (CVE-2023-46604). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-44487 KEV [KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
CVE-2021-3129 KEV [KEV] Vulnerability in Laravel ignition (CVE-2021-3129)
vulnerability in Laravel ignition (CVE-2021-3129). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-33246 KEV [KEV] Code Injection in Apache rocketmq (CVE-2023-33246)
code injection in Apache rocketmq (CVE-2023-33246). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-34840 Cross-Site Scripting (XSS) in angular (CVE-2023-34840)
cross-site scripting in angular (CVE-2023-34840). Risk of unauthorized operations or information disclosure.
CVE-2023-33234 Vulnerability in apache (CVE-2023-33234)
vulnerability in apache (CVE-2023-33234). Successful exploitation can lead to full system takeover.
CVE-2016-8735 KEV [KEV] Vulnerability in Apache tomcat (CVE-2016-8735)
vulnerability in Apache tomcat (CVE-2016-8735). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-45046 KEV [KEV] Vulnerability in Apache log4j2 (CVE-2021-45046)
vulnerability in Apache log4j2 (CVE-2021-45046). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-33891 KEV [KEV] OS Command Injection in Apache pyspark (CVE-2022-33891)
OS command injection in Apache pyspark (CVE-2022-33891). Successful exploitation can lead to full system takeover. Exploitable via ``spark.acls.enable``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `3.2.2` or later.
CVE-2022-3907 Vulnerability in wordpress (CVE-2022-3907)
vulnerability in wordpress (CVE-2022-3907). Confidential information can be exposed externally.
CVE-2022-24706 KEV [KEV] Vulnerability in Apache couchdb (CVE-2022-24706)
vulnerability in Apache couchdb (CVE-2022-24706). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-24112 KEV [KEV] Vulnerability in Apache apisix (CVE-2022-24112)
vulnerability in Apache apisix (CVE-2022-24112). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-4040 Vulnerability in redhat (CVE-2021-4040)
vulnerability in redhat (CVE-2021-4040). Risk of unauthorized operations or information disclosure.
CVE-2022-35278 Cross-Site Scripting (XSS) in org.apache.activemq:artemis-server (CVE-2022-35278)
cross-site scripting in org.apache.activemq:artemis-server (CVE-2022-35278). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.24.0` or later.
CVE-2022-36124 Vulnerability in apache-avro (CVE-2022-36124)
vulnerability in apache-avro (CVE-2022-36124). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.14.0` or later.
CVE-2022-2356 Unrestricted File Upload in wordpress (CVE-2022-2356)
vulnerability in wordpress (CVE-2022-2356). Successful exploitation can lead to full system takeover.
CVE-2022-34169 Vulnerability in apache (CVE-2022-34169)
vulnerability in apache (CVE-2022-34169). Data can be tampered with by attackers.
CVE-2021-29005 Vulnerability in apache (CVE-2021-29005)
vulnerability in apache (CVE-2021-29005). Successful exploitation can lead to full system takeover.
CVE-2018-7602 KEV [KEV] Vulnerability in Drupal core (CVE-2018-7602)
vulnerability in Drupal core (CVE-2018-7602). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-6340 KEV [KEV] Unsafe Deserialization in Drupal core (CVE-2019-6340)
vulnerability in Drupal core (CVE-2019-6340). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2016-0752 KEV [KEV] Path Traversal in rails (CVE-2016-0752)
path traversal in rails (CVE-2016-0752). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2014-0130 KEV [KEV] Path Traversal in rails (CVE-2014-0130)
path traversal in rails (CVE-2014-0130). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2013-2251 KEV [KEV] Vulnerability in Apache struts (CVE-2013-2251)
vulnerability in Apache struts (CVE-2013-2251). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-1956 KEV [KEV] OS Command Injection in Apache kylin (CVE-2020-1956)
OS command injection in Apache kylin (CVE-2020-1956). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2018-1273 KEV [KEV] Code Injection in Vmware tanzu vmware-tanzu (CVE-2018-1273)
code injection in Vmware tanzu vmware-tanzu (CVE-2018-1273). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2017-12617 KEV [KEV] Unrestricted File Upload in Apache tomcat (CVE-2017-12617)
vulnerability in Apache tomcat (CVE-2017-12617). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-12615 KEV [KEV] Unrestricted File Upload in Apache tomcat (CVE-2017-12615)
vulnerability in Apache tomcat (CVE-2017-12615). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-1938 KEV [KEV] Privilege Escalation in org.apache.tomcat.embed:tomcat-embed-core (CVE-2020-1938)
vulnerability in org.apache.tomcat.embed:tomcat-embed-core (CVE-2020-1938). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `7.0.100` or later.
CVE-2017-9791 KEV [KEV] Vulnerability in Apache struts-1 (CVE-2017-9791)
vulnerability in Apache struts-1 (CVE-2017-9791). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2016-3088 KEV [KEV] Vulnerability in Apache activemq (CVE-2016-3088)
vulnerability in Apache activemq (CVE-2016-3088). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-23913 Vulnerability in org.apache.activemq:artemis-core-client (CVE-2022-23913)
vulnerability in org.apache.activemq:artemis-core-client (CVE-2022-23913). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.19.1` or later.
CVE-2006-1547 KEV [KEV] Vulnerability in Apache struts-1 (CVE-2006-1547)
vulnerability in Apache struts-1 (CVE-2006-1547). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2012-0391 KEV [KEV] Vulnerability in Apache struts-2 (CVE-2012-0391)
vulnerability in Apache struts-2 (CVE-2012-0391). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-23302 Unsafe Deserialization in apache (CVE-2022-23302)
vulnerability in apache (CVE-2022-23302). Successful exploitation can lead to full system takeover.
CVE-2022-23307 Unsafe Deserialization in apache (CVE-2022-23307)
vulnerability in apache (CVE-2022-23307). Successful exploitation can lead to full system takeover.
CVE-2022-23305 SQL Injection in log4j:log4j (CVE-2022-23305)
SQL injection in log4j:log4j (CVE-2022-23305). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →