Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

framework — Vulnerabilities & Security Advisories 22

All 22 CVE vulnerabilities found in framework, with AI-generated Chinese analysis, references, and POCs.

Vendor: GraniteDS

CVE IDTitleCVSSSeverityPaused
CVE-2025-67722 Authenticated amportal search for ‘freepbx_engine’ in non root writeable directories leads to potential privilege escalation CWE-426 7.8AIHighAI2025-12-16
CVE-2025-66039 FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header CWE-287 7.4AIHighAI2025-12-09
CVE-2025-59056 FreePBX vulnerable to unauthenticated Denial of Service CWE-22 3.8AILowAI2025-09-15
CVE-2025-55211 FreePBX Post-Authenticated Command Injection CWE-78 7.2AIHighAI2025-09-15
CVE-2025-3590 Adianti Framework deserialization CWE-502 6.3 Medium2025-04-14
CVE-2025-27794 Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite CWE-74 6.8 Medium2025-03-12
CVE-2025-27515 Laravel has a File Validation Bypass CWE-155 6.5 -2025-03-05
CVE-2020-12492 Wifi information acquisition vulnerability in Framework Services CWE-306 7.5AIHighAI2024-11-25
CVE-2020-12491 Framework Information Disclosure Vulnerability CWE-306 5.5AIMediumAI2024-11-25
CVE-2024-52301 Laravel allows environment manipulation via query string CWE-88 6.5AIMediumAI2024-11-12
CVE-2024-21641 Flarum's Logout Route allows open redirects CWE-601 6.5 Medium2024-01-05
CVE-2023-40033 Server-Side Request Forgery via Avatar upload in flarum CWE-918 7.1 High2023-08-16
CVE-2023-27577 Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum CWE-22 6.6 Medium2023-03-10
CVE-2023-22489 Flarum is missing authorization in discussion replies CWE-862 3.5 Low2023-01-13
CVE-2023-22488 Missing authorization in Flarum CWE-862 6.8 Medium2023-01-12
CVE-2023-22487 Post mentions can be used to read any post on the forum without access control CWE-284 7.7 High2023-01-11
CVE-2022-41938 Cross site scripting vulnerability with discussion titles in flarum CWE-79 9.0 Critical2022-11-19
CVE-2021-43808 Blade `@parent` Exploitation Leading To Possible XSS in Laravel CWE-79 5.3 Medium2021-12-07
CVE-2021-32831 Code injection in total.js CWE-94 7.5 High2021-08-30
CVE-2021-21263 Query Binding Exploitation in Laravel CWE-74 7.2 High2021-01-19
CVE-2017-3199 GraniteDS, version 3.1.1.GA, Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization CWE-502 8.1 -2018-06-11
CVE-2017-3200 The implementation of Action Message Format (AMF3) deserializers in GraniteDS, version 3.1.1.GA, may allow instantiation of arbitrary classes due to improper code control CWE-913 8.1 -2018-06-11

All 22 known CVE vulnerabilities affecting framework with full Chinese analysis, references, and POCs where available.