Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

framework — Vulnerabilities & Security Advisories 23

All 23 CVE vulnerabilities found in framework, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities associated with the Framework product, specifically focusing on weakness classifications within the framework ecosystem. It aggregates a comprehensive collection of security advisories, bug reports, and documented exploits that impact the stability, integrity, and confidentiality of the software. The data presented covers historical records spanning several years, ensuring a broad temporal perspective on emerging threats and the evolution of patched flaws over time. Visitors can utilize this resource to track vendor advisories and monitor how the development team addresses reported issues in response to public disclosures. It also serves as a reference for understanding specific weakness classes, such as injection flaws or improper access control, as they manifest in this particular framework. Additionally, users can look up the product's vulnerability history to assess past risks and evaluate the overall security posture of the technology stack. This centralized view helps developers, security analysts, and system administrators identify patterns in recurring defects and prioritize remediation efforts based on historical data trends. By consolidating disparate reports into a single interface, the page facilitates a deeper comprehension of the threat landscape relevant to the Framework product, supporting informed decision-making regarding updates, patches, and architectural changes without requiring extensive manual searching across multiple external sources.

Vendor: GraniteDS

CVE IDTitleCVSSSeverityPublished
CVE-2026-41887 Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577) CWE-22 4.9 Medium2026-05-08
CVE-2025-67722 Authenticated amportal search for ‘freepbx_engine’ in non root writeable directories leads to potential privilege escalation CWE-426 7.8AIHighAI2025-12-16
CVE-2025-66039 FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header CWE-287 7.4AIHighAI2025-12-09
CVE-2025-59056 FreePBX vulnerable to unauthenticated Denial of Service CWE-22 3.8AILowAI2025-09-15
CVE-2025-55211 FreePBX Post-Authenticated Command Injection CWE-78 7.2AIHighAI2025-09-15
CVE-2025-3590 Adianti Framework deserialization CWE-502 6.3 Medium2025-04-14
CVE-2025-27794 Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite CWE-74 6.8 Medium2025-03-12
CVE-2025-27515 Laravel has a File Validation Bypass CWE-155 6.5 -2025-03-05
CVE-2020-12492 Wifi information acquisition vulnerability in Framework Services CWE-306 7.5AIHighAI2024-11-25
CVE-2020-12491 Framework Information Disclosure Vulnerability CWE-306 5.5AIMediumAI2024-11-25
CVE-2024-52301 Laravel allows environment manipulation via query string CWE-88 6.5AIMediumAI2024-11-12
CVE-2024-21641 Flarum's Logout Route allows open redirects CWE-601 6.5 Medium2024-01-05
CVE-2023-40033 Server-Side Request Forgery via Avatar upload in flarum CWE-918 7.1 High2023-08-16
CVE-2023-27577 Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum CWE-22 6.6 Medium2023-03-10
CVE-2023-22489 Flarum is missing authorization in discussion replies CWE-862 3.5 Low2023-01-13
CVE-2023-22488 Missing authorization in Flarum CWE-862 6.8 Medium2023-01-12
CVE-2023-22487 Post mentions can be used to read any post on the forum without access control CWE-284 7.7 High2023-01-11
CVE-2022-41938 Cross site scripting vulnerability with discussion titles in flarum CWE-79 9.0 Critical2022-11-19
CVE-2021-43808 Blade `@parent` Exploitation Leading To Possible XSS in Laravel CWE-79 5.3 Medium2021-12-07
CVE-2021-32831 Code injection in total.js CWE-94 7.5 High2021-08-30
CVE-2021-21263 Query Binding Exploitation in Laravel CWE-74 7.2 High2021-01-19
CVE-2017-3199 GraniteDS, version 3.1.1.GA, Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization CWE-502 8.1 -2018-06-11
CVE-2017-3200 The implementation of Action Message Format (AMF3) deserializers in GraniteDS, version 3.1.1.GA, may allow instantiation of arbitrary classes due to improper code control CWE-913 8.1 -2018-06-11

All 23 known CVE vulnerabilities affecting framework with full Chinese analysis, references, and POCs where available.