Vulnerability Directory

If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.

Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.

Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.

Talk to Our Experts
Get Pricing
Codey gradient
Filter by Severity
Filter by Technology
Filter by Category
Filtering by:
Severity
=
Text for Severity
Close icon
Clear Filters
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
High
Open in new tab icon
CVE-2026-26171
.NET
.NET Runtime / System.Security.Cryptography.Xml
Uncontrolled Resource Consumption
Improper Restriction of XML External Entity Reference
ASP.NET Core: >= 6.0.0 <= 6.0.39 >= 8.0.0 <= 8.0.25 >= 9.0.0 <= 9.0.14 <= 10.0.0 <= 10.0.5
Apr 15, 2026
Medium
Open in new tab icon
CVE-2026-4093
Drupal 7
Term Reference Tree Widget
Cross-Site Scripting
>= 7.1.x <=7.1.11
Apr 15, 2026
Medium
Open in new tab icon
CVE-2026-3214
Drupal 7
CAPTCHA
Broken Access
>=7.1.0 <=7.1.7
Apr 15, 2026
Medium
Open in new tab icon
CVE-2026-4929
Drupal 7
SHS Module
Cross-Site Scripting
>=7.1.0 <=7.1.11
Apr 15, 2026
High
Open in new tab icon
CVE-2026-34486
Apache Tomcat
Apache Tomcat
Incorrectly Configured Access Control
9.0.116, 10.1.53, 11.0.20
Apr 13, 2026
Low
Open in new tab icon
CVE-2026-34483
Apache Tomcat
Apache Tomcat
Content Spoofing
>=8.5.84 <=8.5.100, >=9.0.40 <=9.0.116, >=10.1.0-M1 <=10.1.53, >=11.0.0-M1 <=11.0.20
Apr 13, 2026
Medium
Open in new tab icon
CVE-2026-32990
Apache Tomcat
Apache Tomcat
Authorization Bypass
=nes-v8.5.104, >=9.0.113 <=9.0.115, >=10.1.50 <=10.1.52, >=11.0.15 <=11.0.19
Apr 13, 2026
High
Open in new tab icon
CVE-2026-29146
Apache Tomcat
Apache Tomcat
Cryptographic Weakness
>=7.0.100 <=7.0.109, >=8.5.38 <=8.5.100, >=9.0.13 <=9.0.115, >=10.0.0-M1 <=10.1.52, >=11.0.0-M1 <=11.0.18
Apr 13, 2026
Low
Open in new tab icon
CVE-2026-25854
Apache Tomcat
Apache Tomcat
URL Redirect/Open Redirect
>=8.5.30 <=8.5.100, >=9.0.0.M23 <=9.0.115, >=10.1.0-M1 <=10.1.52, >=11.0.0-M1 <=11.0.18
Apr 13, 2026
Low
Open in new tab icon
CVE-2026-24880
Apache Tomcat
Apache Tomcat
HTTP Request Smuggling
>=7.0.0 <=7.0.109, >=8.5.0 <=8.5.100, >=9.0.0.M1 <=9.0.115, >=10.1.0-M1 <=10.1.52, >=11.0.0-M1 <=11.0.18
Apr 13, 2026
Medium
Open in new tab icon
CVE-2026-21717
Node.js
Node.js
Denial of Service
<20.20.2 >=22.0.0 <22.22.2 >=24.0.0 <24.14.1 >=25.0.0 <25.8.2
Apr 13, 2026
High
Open in new tab icon
CVE-2026-5795
Jetty
jetty-jaspi
Information Exposure
>= 9.4.0 < 9.4.61, >= 10.0.0 < 10.0.29, >= 11.0.0 < 11.0.29, >= 12.0.0 < 12.0.34, >= 12.1.0 < 12.1.8
Apr 10, 2026
High
Open in new tab icon
CVE-2026-22750
Spring
Spring Cloud Gateway
Cryptographic Weakness
4.2.0
Apr 9, 2026
Critical
Open in new tab icon
CVE-2022-46337
Apache Derby
Command Injection
>= 10.1.1.0, < 10.14.3, >= 10.15.0.0, < 10.15.2.1, >= 10.16.0.0, < 10.16.1.2, >= 10.17.0.0, < 10.17.1.0
Apr 1, 2026
High
Open in new tab icon
CVE-2025-9551
Drupal 7
Protected Pages
Broken Access
>=7.0.0 <=7.2.4
Mar 31, 2026
Exclamation icon
No results found

Please enter a valid Vulnerability ID number or Technology name.

Sign up for the latest vulnerability alerts
Rss feed icon
Subscribe via RSS
or
Thanks for signing up for our Newsletter! We look forward to connecting with you.
Oops! Something went wrong while submitting the form.