5277 matches found

Packet Storm News
added 2026/02/13 12:00 a.m. · 3 views

Web Application Security Developer Training Guide

This guide gives a thorough overview of 34 web application vulnerabilities with descriptions of the issues, PHP examples of vulnerable code, exploit methodologies, and remediation strategies...

AI score: 5.5
Exploits: 0
Snyk
added 2026/02/11 6:17 p.m. · 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via stored cross-site scripting. An attacker can execute arbitrary JavaScript in the context of higher-privileged users by injecting malicious scripts, potentially leading to unauthorized privilege escalation...

CVSS: 9.3 · AI score: 5.3 · EPSS: 0.00293
Exploits: 0 · References: 2
Wallarm Lab
added 2026/02/11 12:00 p.m. · 7 views

CISO Spotlight: Craig Riddell on Curiosity, Translation, and Why API Security is the New Business Imperative

It’s an unusually cold winter morning in Houston, and Craig Riddell is settling into his new role as Wallarm’s Global Field CISO. It’s a position that suits him down to the ground, blending technical depth, empathy, business acumen, and, what Craig believes, the most underrated skill in...

AI score: 5.9
Exploits: 0
Positive Technologies
added 2026/02/11 12:00 a.m. · 4 views

PT-2026-7607

Name of the Vulnerable Software and Affected Versions: InoERP version 0.7.2. Description: InoERP version 0.7.2 has a persistent cross-site scripting issue in the comment section. Unauthenticated attackers can inject malicious scripts, such as JavaScript payloads, through comments. These scripts...

CVSS: 6.4 · AI score: 5.8 · EPSS: 0.00225
Exploits: 1 · References: 8
GithubExploit
added 2026/02/05 1:59 p.m. · 177 views

SSRF-to-RCE-Scanner

SSRF-to-RCE-Scanner is an advanced Python-based security tool...

AI score: 5.5
Exploits: 0
Vulnrichment
added 2026/02/04 3:02 p.m. · 5 views

CVE-2026-22548 BIG-IP Advanced WAF and ASM vulnerability

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS: 8.2 · AI score: 5.4 · EPSS: 0.00185
Exploits: 0 · References: 1
F5 Networks
added 2026/02/04 2:28 p.m. · 15 views

K000158072: BIG-IP Advanced WAF and ASM vulnerability CVE-2026-22548

Security Advisory Description: When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate. (CVE-2026-22548) Impact: Traffic is disrupted while the bd process...

CVSS: 8.2 · AI score: 5.4 · EPSS: 0.00185
Exploits: 0 · Affected Software: 2
Positive Technologies
added 2026/02/04 12:00 a.m. · 10 views

PT-2026-6106

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP Advanced WAF and ASM (affected versions not specified). Description: A configuration issue within BIG-IP Advanced WAF or ASM security policies on a virtual server can lead to the termination of the bd process due to undisclosed requests...

CVSS: 8.2 · AI score: 5.5 · EPSS: 0.00185
Exploits: 0 · References: 6
Wallarm Lab
added 2026/01/30 1:00 p.m. · 8 views

Why API Security Is No Longer an AppSec Problem – And What Security Leaders Must Do Instead

APIs are one of the most important technologies in digital business ecosystems. And yet, the responsibility for their security often falls to AppSec teams – and that’s a problem. This organizational mismatch creates systemic risk: business teams assume APIs are “secured,” while attackers exploit...

AI score: 6
Exploits: 0
Packet Storm News
added 2026/01/25 12:00 a.m. · 5 views

Mitigating the OWASP Top 10 for Large Language Models Applications Using Intelligent Agents

Large Language Models (LLMs) have emerged as a transformative and disruptive technology, enabling a wide range of applications in natural language processing, machine translation, and beyond. However, this widespread integration of LLMs has also raised several security concerns highlighted by the Open...

AI score: 5.9
Exploits: 0
RedhatCVE
added 2026/01/09 12:38 p.m. · 9 views

CVE-2023-50070

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customersupport/ajax.php?action=saveticket via departmentid, customerid, and subject...

CVSS: 8.8 · AI score: 8.3 · EPSS: 0.00786
Exploits: 2 · References: 1
RedhatCVE
added 2026/01/09 11:53 a.m. · 6 views

CVE-2009-4039

Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS: 4.3 · AI score: 5.9 · EPSS: 0.01913
Exploits: 0 · References: 1
RedhatCVE
added 2026/01/09 11:29 a.m. · 9 views

CVE-2021-27503

Ypsomed mylife Cloud, mylife Mobile Application (Ypsomed mylife Cloud: all versions prior to 1.7.2; Ypsomed mylife App: all versions prior to 1.7.5). The application encrypts, on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud, credentials based on...

CVSS: 5.8 · AI score: 6.8 · EPSS: 0.00562
Exploits: 0 · References: 1
RedhatCVE
added 2026/01/09 11:20 a.m. · 9 views

CVE-2021-22984

On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving an unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM...

CVSS: 6.1 · AI score: 6.9 · EPSS: 0.00632
Exploits: 0 · References: 1
RedhatCVE
added 2026/01/09 11:06 a.m. · 6 views

CVE-2016-2356

Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password...

CVSS: 9.8 · AI score: 7.7 · EPSS: 0.03206
Exploits: 1 · References: 1
RedhatCVE
added 2026/01/09 10:54 a.m. · 10 views

CVE-2022-23861

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00478
Exploits: 2 · References: 1
RedhatCVE
added 2026/01/09 10:48 a.m. · 9 views

CVE-2022-31210

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/setparam.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts...

CVSS: 9.8 · AI score: 6.9 · EPSS: 0.01016
Exploits: 1 · References: 1
RedhatCVE
added 2026/01/09 10:41 a.m. · 11 views

CVE-2022-26158

An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP request results in a 302 redirect to an attacker-controlle...

CVSS: 6.1 · AI score: 7.3 · EPSS: 0.00713
Exploits: 0 · References: 1
RedhatCVE
added 2026/01/09 9:58 a.m. · 9 views

CVE-2020-7083

An integer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application...

CVSS: 6.5 · AI score: 6.9 · EPSS: 0.01009
Exploits: 0 · References: 1
RedhatCVE
added 2026/01/09 9:56 a.m. · 6 views

CVE-2020-12765

Solis Miolo 2.0 allows index.php?module=install=view= Directory Traversal...

CVSS: 5.3 · AI score: 7 · EPSS: 0.01299
Exploits: 0 · References: 1