Exposure of Qwik
Web frameworks22
exposure score
779
sites use
0
exploited
3
critical
CVEs
9 resultsCVE-2026-27971CRITICALQwik affected by unauthenticated RCE via server$ DeserializationEPSS 4.6%CVE-2026-25150CRITICALPrototype Pollution via FormData Processing in Qwik CityEPSS 0.6%CVE-2024-41677MEDIUMCross-site Scripting (XSS) vulnerability due to improper HTML escaping in qwikEPSS 0.5%CVE-2026-32701HIGHQwik has array method pollution in FormData processing, allowing type confusion and DoSEPSS 0.4%CVE-2026-25148MEDIUMQwik SSR XSS via Unsafe Virtual Node SerializationEPSS 0.3%CVE-2025-53620CRITICALCrashing any Qwik ServerEPSS 0.3%CVE-2026-25149LOWQwik City Open Redirect via fixTrailingSlashEPSS 0.2%CVE-2026-25151MEDIUMQwik City has a CSRF Protection Bypass via Content-Type Header ValidationEPSS 0.2%CVE-2026-25155MEDIUM[qwik-city] CSRF protection middleware does not work properly for content type header with parameters (eg. multipart/form-data)EPSS 0.1%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →