Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
framework vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-31047
In Django 3.2 prior to 3.2.19, 4.x prior to 4.1.9, and 4.2 prior to 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file wa...
Djangoproject Django 4.2
Djangoproject Django
Fedoraproject Fedora 38
9.8
CVSSv3
CVE-2023-26750
SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote malicious user to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the f...
Yiiframework Yii
9.8
CVSSv3
CVE-2020-29312
An issue found in Zend Framework v.3.1.3 and before allow a remote malicious user to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was ...
Zend Zend Framework
9.8
CVSSv3
CVE-2021-26277
The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions.
Vivo Frame Service
9.8
CVSSv3
CVE-2023-22732
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. In version 6.4.18.1 an automatic logout into ...
Shopware Shopware
9.8
CVSSv3
CVE-2023-22727
CakePHP is a development framework for PHP web apps. In affected versions the `Cake\Database\Query::limit()` and `Cake\Database\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. ...
Cakephp Cakephp
9.8
CVSSv3
CVE-2021-32824
Apache Dubbo is a java based, open source RPC framework. Versions before 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some ...
Apache Dubbo
9.8
CVSSv3
CVE-2016-15007
A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDi...
Centralized Salesforce Development Framework Project Centralized Salesforce Development Framework
9.8
CVSSv3
CVE-2022-47945
ThinkPHP Framework prior to 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by includ...
Thinkphp Thinkphp
1 Github repository
9.8
CVSSv3
CVE-2022-46170
CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, then if an attacker gets one sessi...
Codeigniter Codeigniter
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »