silverstripe framework

37 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-30148
<= 5.3.23
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit conten
5.4 MEDIUM
CVE-2024-13919
>= 11.9.0 and < 11.36.0
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper enc
8.0 HIGH
CVE-2024-13918
>= 11.9.0 and < 11.36.0
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper enc
8.0 HIGH
CVE-2025-27515
< 11.44.1
Laravel is a web application framework. When using wildcard validation to validate a given file or image field (files.*), a user
9.8 CRITICAL
CVE-2024-53277
< 5.3.8
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup.
5.4 MEDIUM
CVE-2024-52301
< 6.20.45
Laravel is a web application framework. When the register_argc_argv php directive is set to on, and users call any URL with a spe
7.5 HIGH
CVE-2024-9443
< 1.5.1
The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up t
6.4 MEDIUM
CVE-2024-32981
< 5.2.16
Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with acces
5.4 MEDIUM
CVE-2024-4337
all versions
Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) v
7.6 HIGH
CVE-2024-4336
all versions
Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) v
7.6 HIGH
CVE-2023-48714
< 4.13.39
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.
4.3 MEDIUM
CVE-2023-22729
< 4.12.5
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to ver
5.4 MEDIUM
CVE-2023-22728
< 4.12.5
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to ver
4.3 MEDIUM
CVE-2022-40482
>= 8.0.0 and < 8.83.24
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeles
5.3 MEDIUM
CVE-2022-4414
all versions
Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13.
6.1 MEDIUM
CVE-2022-4413
all versions
Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13.
6.1 MEDIUM
CVE-2022-38147
>= 1.0.0 and < 1.11.1
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).
5.4 MEDIUM
CVE-2022-38145
>= 1.0.0 and < 1.11.1
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a p
5.4 MEDIUM
CVE-2022-37430
>= 3.0.0 and < 4.11.13
Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).
5.4 MEDIUM
CVE-2022-37429
>= 3.0.0 and < 4.11.13
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link
5.4 MEDIUM
CVE-2022-38724
>= 4.0.0 and <= 4.11.0
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.
5.4 MEDIUM
CVE-2022-38462
< 4.11.13
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Secur
6.1 MEDIUM
CVE-2022-38148
<= 4.11.0
Silverstripe silverstripe/framework through 4.11 allows SQL Injection.
8.8 HIGH
CVE-2022-38146
<= 4.11.0
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).
5.4 MEDIUM
CVE-2022-25238
<= 4.10.0
Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via
5.4 MEDIUM
CVE-2020-19316
< 5.8.17
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.
8.8 HIGH
CVE-2021-43808
< 6.20.42
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site script
5.3 MEDIUM
CVE-2021-43617
<= 8.70.2
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Co
9.8 CRITICAL
CVE-2020-7991
all versions
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.
8.8 HIGH
CVE-2020-7990
all versions
Adive Framework 2.0.8 has admin/user/add userName XSS.
6.1 MEDIUM
CVE-2020-7989
all versions
Adive Framework 2.0.8 has admin/user/add userUsername XSS.
6.1 MEDIUM
CVE-2015-0270
< 2.2.10
Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.
9.8 CRITICAL
CVE-2019-14987
<= 2.0.7
Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions.
4.8 MEDIUM
CVE-2018-6330
all versions
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
8.8 HIGH
CVE-2011-3825
all versions
Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .p
CVE-2009-4417
<= 1.9.6
The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrar
CVE-2007-6018
all versions
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecifi
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin