We get it — your site sits on a stack everyone else is trying to break. WebVuln™ is a working index of known web vulnerabilities for those platforms.
Total CVEs
4640
Stacks with data
16
High / critical
2031
Newest published
2026-06-05
| CVE | Stack | Summary | Severity | CVSS | Published | Detail |
|---|---|---|---|---|---|---|
| CVE-2026-10586 | WordPress | The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request For… | HIGH | 7.2 | Details | |
| CVE-2026-10796 | Node.js | nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror.… | HIGH | 7.5 | Details | |
| CVE-2026-10863 | Express | A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled … | — | — | Details | |
| CVE-2026-10860 | Express | A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE metho… | — | — | Details | |
| CVE-2026-43926 | nginx | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint `… | — | — | Details | |
| CVE-2019-25745 | WordPress | WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to … | HIGH | 8.2 | Details | |
| CVE-2019-25744 | WordPress | WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicio… | MEDIUM | 6.4 | Details | |
| CVE-2019-25743 | WordPress | WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malic… | MEDIUM | 6.4 | Details | |
| CVE-2019-25742 | WordPress | WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject… | MEDIUM | 6.4 | Details | |
| CVE-2019-25738 | WordPress | WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify W… | CRITICAL | 9.8 | Details | |
| CVE-2019-25732 | PHP | PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by inje… | HIGH | 8.2 | Details | |
| CVE-2019-25729 | PHP | PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by i… | CRITICAL | 9.8 | Details | |
| CVE-2019-25727 | WordPress | WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download s… | CRITICAL | 9.8 | Details | |
| CVE-2026-10803 | React | A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils… | LOW | 3.6 | Details | |
| CVE-2026-8653 | WordPress | The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to,… | MEDIUM | 6.5 | Details | |
| CVE-2026-10737 | WordPress | The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_f… | HIGH | 7.5 | Details | |
| CVE-2026-8888 | Express | Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular e… | — | — | Details | |
| CVE-2026-7888 | PHP | Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components… | — | — | Details | |
| CVE-2022-31114 | Laravel | backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build … | — | — | Details | |
| CVE-2026-8404 | Django | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does no… | LOW | 3.1 | Details |
WebVuln™ lists NVD records that match our curated web-stack keywords — not personalized security advice. For your own site, run WebCheck™.