5278 matches found
erebus
EREBUS Web application security assessment framework. For...
Cross-site Scripting (XSS)
Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the cmis-online/type process. An attacker can execute arbitrary scripts in the context of a user's browser by...
Application Security Strategies Are Changing as AI-generated Code Floods the SDLC
AI-generated code is changing AppSec workflows, forcing teams to rethink SDLC security, dependency checks, code review, and risk prioritization...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses logback-core-1.5.21.jar which is vulnerable to CVE-2026-1225
Summary IBM Maximo Application Suite - Visual Inspection component uses logback-core-1.5.21.jar which is vulnerable to CVE-2026-1225, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in...
Cyber-Secure Philanthropy: Tech Infrastructure for Global Donations
Secure philanthropy needs hardened payments, API security, and compliance controls to protect global donations from fraud and attacks...
Web-Application-Pentest-Report
Web-Application-Pentest-Report OWASP methodology penetration t...
WeKan 安全漏洞
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.35 contained security vulnerabilities. These vulnerabilities stemmed from insufficient authorization checks for Integration REST API endpoints, which could allow authenticated dashboard members to perfo...
EUVD-2026-20641
monetr: Protected Transactions Deletable via PUT...
OWASP CRS 安全漏洞
OWASP CRS is a set of open-source attack detection rules developed by the CRS Project. Versions prior to OWASP CRS 3.3.9 and 4.25.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of standardization in file extension checks for spaces, which could lead to bypassing...
Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSec
New York, New York, April 1st, 2026, CyberNewswire...
Extend Application Security Visibility from Code to Runtime
...
AppSec-Penetration-Testing-Lab
🔐 AppSec Penetration Testing Lab A hands-on application sec...
CVE-2026-21790
HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...
Securing Applications Anywhere: Breaking Down the Wall of Confusion
Application development has changed dramatically. Enterprises now release software faster, operate more digital services, and deploy applications across a mix of public cloud, private cloud, APIs, containers, and on-premises infrastructure. As application delivery has accelerated and architecture...
PT-2026-25597
Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getDynamicIcon endpoint when attacker-controlled input is embedded into SVG output without proper sanitization. An attacker can execute arbitrary JavaScript in the context of the web application by...
Fedora 43 : python-django5 (2026-3adb735295)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3adb735295 advisory. - Fixes CVE-2025-13473: Username enumeration through timing difference in modwsgi authentication handler - Fixes CVE-2025-14550: Potential...
Archipelo and Checkmarx Announce Partnership Connecting AppSec Detection with DevSPM
San Francisco, CA, United States, 3rd March 2026, CyberNewswire...
ZoneMinder 安全漏洞
ZoneMinder is an open-source video monitoring software system developed by ZoneMinder. This system supports IP, USB, and analog cameras. Version 1.36.34 of ZoneMinder contains a security vulnerability. This vulnerability stems from user input that is passed directly into the exec function in...
CredShields Contributes to OWASP’s 2026 Smart Contract Security Priorities
SINGAPORE, Singapore, 17th February 2026, CyberNewswire...