Framework

This hub aggregates every CVE we track for Framework, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Framework.

• CVE-2026-41887Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)4.9May 8, 2026
• CVE-2025-67722Authenticated amportal search for ‘freepbx_engine’ in non root writeable directories leads to potential privilege escalation7.8Dec 16, 2025
• CVE-2025-66039FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header9.8Dec 9, 2025
• CVE-2025-59056FreePBX vulnerable to unauthenticated Denial of Service7.5Sep 15, 2025
• CVE-2025-55211FreePBX Post-Authenticated Command Injection8.8Sep 15, 2025
• CVE-2025-3590Adianti Framework deserialization6.3Apr 14, 2025
• CVE-2025-30148Silverstripe Framework has a XSS vulnerability in HTML editor5.4Apr 10, 2025
• CVE-2025-27794Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite6.8Mar 12, 2025
• CVE-2024-13919Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page8.0Mar 10, 2025
• CVE-2024-13918Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page8.0Mar 10, 2025
• CVE-2025-27515Laravel has a File Validation Bypass9.8Mar 5, 2025
• CVE-2024-53277Cross-site Scripting in form messages in silverstripe framework5.4Jan 14, 2025
• CVE-2024-52301Laravel allows environment manipulation via query string7.5Nov 12, 2024
• CVE-2024-9443Basticom Framework <= 1.5.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload6.4Nov 5, 2024
• CVE-2024-32981Cross-site Scripting vulnerability with encoded payload in silverstripe/framework5.4Jul 17, 2024