We get it — your site sits on a stack everyone else is trying to break. WebVuln™ is a working index of known web vulnerabilities for those platforms.
Total CVEs
977
Stacks with data
16
High / critical
552
Newest published
2026-03-26
| CVE | Stack | Summary | Severity | CVSS | Published | Detail |
|---|---|---|---|---|---|---|
| CVE-2026-33687 | PHP | Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload… | HIGH | 8.8 | Details | |
| CVE-2026-33687 | Laravel | Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload… | HIGH | 8.8 | Details | |
| CVE-2026-33686 | Laravel | Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in th… | HIGH | 8.8 | Details | |
| CVE-2026-33672 | Express | Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerabilit… | MEDIUM | 5.3 | Details | |
| CVE-2026-33671 | Express | Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Se… | HIGH | 7.5 | Details | |
| CVE-2026-33671 | Node.js | Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Se… | HIGH | 7.5 | Details | |
| CVE-2026-1556 | Drupal | Information disclosure in the file URI processing of File (Field) Paths in Drupal File (Field) Paths 7.x prior to 7.1.3 on Drupal 7.x allow… | — | — | Details | |
| CVE-2026-0748 | Drupal | In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both "Translate content" and "Administer con… | — | — | Details | |
| CVE-2026-4933 | Drupal | Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing.This issue affects Unpublished Node P… | — | — | Details | |
| CVE-2026-4393 | Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated L… | — | — | Details | |
| CVE-2026-3573 | Drupal | Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection.This issue affects AI (Artificial In… | — | — | Details | |
| CVE-2026-3532 | Drupal | Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects … | — | — | Details | |
| CVE-2026-3531 | Drupal | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass… | — | — | Details | |
| CVE-2026-3530 | Drupal | Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affe… | — | — | Details | |
| CVE-2026-3529 | Drupal | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Google Analytics GA4 allows Cr… | — | — | Details | |
| CVE-2026-3528 | Drupal | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Calculation Fields allows Cros… | — | — | Details | |
| CVE-2026-3527 | Drupal | Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploiting Incorrectly Configured Access Control… | — | — | Details | |
| CVE-2026-3526 | Drupal | Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsing.This issue affects File Access Fix (d… | — | — | Details | |
| CVE-2026-3525 | Drupal | Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsing.This issue affects File Access Fix (d… | — | — | Details | |
| CVE-2026-33742 | Laravel | Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja… | MEDIUM | 5.4 | Details |
WebVuln™ lists NVD records that match our curated web-stack keywords — not personalized security advice. For your own site, run WebCheck™.