Qwik

11 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.03%
  • Published 20.03.2026 08:52:41
  • Last modified 23.03.2026 15:30:54

Qwik is a performance-focused JavaScript framework. Versions prior to 1.19.2 improperly inferred arrays from dotted form field names during FormData parsing. By submitting mixed array-index and object-property keys for the same path, an attacker coul...

  • EPSS 24.4%
  • Published 03.03.2026 22:55:38
  • Last modified 05.03.2026 17:57:37

Qwik is a performance-focused JavaScript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a sin...

  • EPSS 0.07%
  • Published 03.02.2026 21:12:50
  • Last modified 10.02.2026 20:10:16

Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, a prototype pollution vulnerability exists in the formToObj() function within @builder.io/qwik-city middleware. The function processes form field names with dot notation (e....

  • EPSS 0.02%
  • Published 03.02.2026 21:12:38
  • Last modified 10.02.2026 20:12:16

Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-r...

  • EPSS 0.01%
  • Published 03.02.2026 21:12:25
  • Last modified 10.02.2026 20:08:58

Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protectio...

  • EPSS 0.01%
  • Published 03.02.2026 21:12:13
  • Last modified 10.02.2026 20:07:58

Qwik is a performance-focused JavaScript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. This issue has been patched in version 1.12.0.

  • EPSS 0.02%
  • Published 03.02.2026 21:11:55
  • Last modified 10.02.2026 20:11:36

Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful e...

Exploit
  • EPSS 0.61%
  • Published 06.08.2024 18:15:56
  • Last modified 12.08.2024 18:51:29

Qwik is a performance-focused JavaScript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules fo...

Exploit
  • EPSS 0.07%
  • Published 26.04.2023 17:15:11
  • Last modified 13.03.2026 19:21:11

Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.

Exploit
  • EPSS 0.28%
  • Published 08.03.2023 22:15:09
  • Last modified 13.03.2026 19:21:14

Code Injection in GitHub repository builderio/qwik prior to 0.21.0.