Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Qwik is a performance focused javascript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. This issue
Qwik is a performance focused javascript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote att
Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side render
Qwik is a performance-focused JavaScript framework. Versions prior to 1.19.2 improperly inferred arrays from dotted form field names during FormData parsing. By submitting mixed array-index and object
Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote atta
CVE-2026-27971
CRITICAL CVSS 9.2
Find Similar
Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user
CVE-2026-25150
CRITICAL CVSS 10.0
Find Similar
Qwik is a performance focused javascript framework. Prior to version 1.19.0, a prototype pollution vulnerability exists in the formToObj() function within @builder.io/qwik-city middleware. The functio
Qwik is a performance focused javascript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users
CVE-2025-53620
CRITICAL CVSS 9.2
Find Similar
@builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Server Action QRL is executed it dynamically load the file containing the symbol. When an invalid qfunc is sent, the server does not h
The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the "_stylesheet" parameter before outputting it back in the page, leading to a Reflected Cros
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Version Compare
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS).This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43.
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security header
CVE-2025-53835
CRITICAL CVSS 9.0
Find Similar
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 5.4.5 and prior to version 14
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious a
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior to
XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of
The Qyrr – simply and modern QR-Code creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the blob_to_file() function in all versions up to, and
Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.Thi
Page 1+ Next →