Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: web-frameworks Clear
ID Title
CVE-2014-7813 Vulnerability in rails (CVE-2014-7813)
vulnerability in rails (CVE-2014-7813). Risk of unauthorized operations or information disclosure.
CVE-2015-7806 Command Injection in wordpress (CVE-2015-7806)
command injection in wordpress (CVE-2015-7806). Successful exploitation can lead to full system takeover.
CVE-2016-4461 Vulnerability in apache (CVE-2016-4461)
vulnerability in apache (CVE-2016-4461). Successful exploitation can lead to full system takeover.
CVE-2014-8087 Cross-Site Scripting (XSS) in wordpress (CVE-2014-8087)
cross-site scripting in wordpress (CVE-2014-8087). Risk of unauthorized operations or information disclosure.
CVE-2014-8621 SQL Injection in wordpress (CVE-2014-8621)
SQL injection in wordpress (CVE-2014-8621). Successful exploitation can lead to full system takeover.
CVE-2016-8734 Vulnerability in apache (CVE-2016-8734)
vulnerability in apache (CVE-2016-8734). Risk of unauthorized operations or information disclosure.
CVE-2017-15375 Cross-Site Scripting (XSS) in wordpress (CVE-2017-15375)
cross-site scripting in wordpress (CVE-2017-15375). Risk of unauthorized operations or information disclosure. Exploitable via ``query``.
CVE-2017-12629 XXE (XML External Entity) in c (CVE-2017-12629)
vulnerability in c (CVE-2017-12629). Successful exploitation can lead to full system takeover.
CVE-2017-10619 Vulnerability in express (CVE-2017-10619)
vulnerability in express (CVE-2017-10619). Risk of unauthorized operations or information disclosure.
CVE-2016-6815 Vulnerability in apache (CVE-2016-6815)
vulnerability in apache (CVE-2016-6815). Data can be tampered with by attackers.
CVE-2016-8736 Unsafe Deserialization in apache (CVE-2016-8736)
vulnerability in apache (CVE-2016-8736). Successful exploitation can lead to full system takeover.
CVE-2016-9263 Vulnerability in wordpress (CVE-2016-9263)
vulnerability in wordpress (CVE-2016-9263). Risk of unauthorized operations or information disclosure.
CVE-2017-12623 XXE (XML External Entity) in apache (CVE-2017-12623)
vulnerability in apache (CVE-2017-12623). Confidential information can be exposed externally.
CVE-2017-5637 Vulnerability in apache (CVE-2017-5637)
vulnerability in apache (CVE-2017-5637). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.4.10` or later.
CVE-2014-0030 XXE (XML External Entity) in apache (CVE-2014-0030)
vulnerability in apache (CVE-2014-0030). Successful exploitation can lead to full system takeover.
CVE-2015-2673 Vulnerability in wordpress (CVE-2015-2673)
vulnerability in wordpress (CVE-2015-2673). Successful exploitation can lead to full system takeover.
CVE-2017-15079 Path Traversal in wordpress (CVE-2017-15079)
path traversal in wordpress (CVE-2017-15079). Confidential information can be exposed externally.
CVE-2014-7240 Cross-Site Scripting (XSS) in wordpress (CVE-2014-7240)
cross-site scripting in wordpress (CVE-2014-7240). Risk of unauthorized operations or information disclosure.
CVE-2014-8492 Cross-Site Scripting (XSS) in wordpress (CVE-2014-8492)
cross-site scripting in wordpress (CVE-2014-8492). Risk of unauthorized operations or information disclosure.
CVE-2014-8758 Cross-Site Scripting (XSS) in wordpress (CVE-2014-8758)
cross-site scripting in wordpress (CVE-2014-8758). Risk of unauthorized operations or information disclosure.
CVE-2017-9792 Vulnerability in apache (CVE-2017-9792)
vulnerability in apache (CVE-2017-9792). Data can be tampered with by attackers.
CVE-2017-14990 Vulnerability in wordpress (CVE-2017-14990)
vulnerability in wordpress (CVE-2017-14990). Confidential information can be exposed externally.
CVE-2017-9797 Information Disclosure in apache (CVE-2017-9797)
vulnerability in apache (CVE-2017-9797). Risk of unauthorized operations or information disclosure.
CVE-2017-14848 SQL Injection in wordpress (CVE-2017-14848)
SQL injection in wordpress (CVE-2017-14848). Successful exploitation can lead to full system takeover.
CVE-2017-12620 XXE (XML External Entity) in apache (CVE-2017-12620)
vulnerability in apache (CVE-2017-12620). Successful exploitation can lead to full system takeover.
CVE-2015-7357 Cross-Site Scripting (XSS) in wordpress (CVE-2015-7357)
cross-site scripting in wordpress (CVE-2015-7357). Risk of unauthorized operations or information disclosure.
CVE-2015-7980 Cross-Site Scripting (XSS) in drupal (CVE-2015-7980)
cross-site scripting in drupal (CVE-2015-7980). Risk of unauthorized operations or information disclosure.
CVE-2014-0043 Information Disclosure in apache (CVE-2014-0043)
vulnerability in apache (CVE-2014-0043). Risk of unauthorized operations or information disclosure.
CVE-2016-6806 Cross-Site Request Forgery (CSRF) in apache (CVE-2016-6806)
vulnerability in apache (CVE-2016-6806). Successful exploitation can lead to full system takeover. Exploitable via `Referer header`.
CVE-2017-9794 Information Disclosure in apache (CVE-2017-9794)
vulnerability in apache (CVE-2017-9794). Risk of unauthorized operations or information disclosure.
CVE-2017-13986 Cross-Site Scripting (XSS) in express (CVE-2017-13986)
cross-site scripting in express (CVE-2017-13986). Risk of unauthorized operations or information disclosure.
CVE-2017-13987 Vulnerability in express (CVE-2017-13987)
vulnerability in express (CVE-2017-13987). Confidential information can be exposed externally.
CVE-2017-13988 Vulnerability in express (CVE-2017-13988)
vulnerability in express (CVE-2017-13988). Data can be tampered with by attackers.
CVE-2017-13989 Vulnerability in express (CVE-2017-13989)
vulnerability in express (CVE-2017-13989). Confidential information can be exposed externally.
CVE-2017-13990 Information Disclosure in express (CVE-2017-13990)
vulnerability in express (CVE-2017-13990). Risk of unauthorized operations or information disclosure.
CVE-2017-13991 Information Disclosure in express (CVE-2017-13991)
vulnerability in express (CVE-2017-13991). Risk of unauthorized operations or information disclosure.
CVE-2015-9233 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2015-9233)
vulnerability in wordpress (CVE-2015-9233). Successful exploitation can lead to full system takeover.
CVE-2015-9234 SQL Injection in wordpress (CVE-2015-9234)
SQL injection in wordpress (CVE-2015-9234). Successful exploitation can lead to full system takeover.
CVE-2016-4434 XXE (XML External Entity) in apache (CVE-2016-4434)
vulnerability in apache (CVE-2016-4434). Successful exploitation can lead to full system takeover.
CVE-2017-7687 Vulnerability in apache (CVE-2017-7687)
vulnerability in apache (CVE-2017-7687). Risk of unauthorized operations or information disclosure.
CVE-2017-9790 Use-After-Free in apache (CVE-2017-9790)
vulnerability in apache (CVE-2017-9790). Risk of unauthorized operations or information disclosure.
CVE-2017-14507 SQL Injection in wordpress (CVE-2017-14507)
SQL injection in wordpress (CVE-2017-14507). Successful exploitation can lead to full system takeover.
CVE-2017-14842 SQL Injection in wordpress (CVE-2017-14842)
SQL injection in wordpress (CVE-2017-14842). Successful exploitation can lead to full system takeover.
CVE-2017-14843 Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14844 Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
CVE-2017-14845 Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.
Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14846 Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.
Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14847 Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-2551 Vulnerability in wordpress (CVE-2017-2551)
vulnerability in wordpress (CVE-2017-2551). Confidential information can be exposed externally.
CVE-2017-14775 Information Disclosure in laravel (CVE-2017-14775)
vulnerability in laravel (CVE-2017-14775). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →