PT-2026-50070

Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

-Web-Attack-Detection-Lab

!Kali Linuxhttps://img.shields.io/badge/KaliLinux-557C94?sty...

Cross-site Scripting (XSS)

Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the media plugin when handling crafted data-mce- attributes. An attacker can execute arbitrary scripts in the context of the user's browser by...

Context-Aware Web Attack Detection in Open-Source SIEM Systems Via MITRE ATT&CK-Enriched Behavioral Profiling

Security Information and Event Management SIEM systems aggregate log data from heterogeneous sources to detect coordinated attacks. Traditional rule-based correlation engines struggle to classify multi-step web application attacks because they examine each event without reference to the behaviour...

splunk-web-attack-detection

🔍 Web Application Attack Detection & Threat Hunting Using Splu...

CVE-2026-42368

A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability...

CVE-2026-28741

Mattermost CVE-2026-28741 concerns CSRF token validation bypass on an authentication endpoint, enabling an attacker to update a user’s authentication method via a CSRF attack when a user visits a malicious page. Affected versions are Mattermost 10.11.x ≤ 10.11.12, 11.5.x ≤ 11.5.0, 11.4.x ≤ 11.4.2...

Multi-Stage-Web-Attack-XSS-to-Admin-Takeover-and-RCE

🛡️ Multi-Stage Web Attack: XSS to Admin Takeover & RCE This p...

web-attack-payloads

Web Attack Payloads Collection !Cybersecurityhttps://img.s...

CVE-2025-11687

A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter reflected DOM XSS...

PT-2026-3470

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that can be exploited by attackers to weaken the overall security of the application and increase the risk of common web attacks...

CVE-2025-31994 HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS)

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting XSS where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted...

EUVD-2010-2662

Malware in sbrugna...

EUVD-2021-0622

Malware in sbrugna...

EUVD-2013-0929

Malware in sbrugna...

EUVD-2003-0719

Malware in sbrugna...

EUVD-2020-8902

Malware in sbrugna...

EUVD-2019-9591

Malware in sbrugna...

EUVD-2016-10276

Malware in sbrugna...