5278 matches found
CVE-2020-12765
Solis Miolo 2.0 allows index.php?module=install=view= Directory Traversal...
CVE-2020-10192
An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/brokenclient endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/views/listings/default.php...
CVE-2021-41097
aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia application that uses aurelia-path package to parse a string. The majority of this will b...
CVE-1999-0665
An application-critical Windows NT registry key has an inappropriate value...
CVE-1999-0664
An application-critical Windows NT registry key has inappropriate permissions...
CVE-2019-12759
Symantec Endpoint Protection Manager SEPM and Symantec Mail Security for MS Exchange SMSMSE, prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software applicati...
CVE-2024-2649
A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /protocol/iscdevicestatus/deleteonlineuser.php. The manipulation of the argument messagecontent leads to sql...
CVE-2024-2648
A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of the argument username leads to improper neutralization of data within xpath expressions. It is...
OreaHax-Framework
OreaHax-Framework ╔════════════════════════════════════...
Expanding the Zero Critical Club to set a new standard for AppSec and SecOps teams
We are introducing Zero Code Criticals and Zero Time to Respond clubs to give every team a clear north star for secure development and rapid response...
SQL-Injection-IDPS
Payloads All The Things A list of useful payloads and bypass...
EUVD-2025-204361
A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query string redirects via improper encoding in the routing engine. This could enable header injection and potentially facilitate further web application attacks...
task-3-security-testing
Security Testing for Web Applications Task 3: CODTECH Inte...
CVE-2025-55796
The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...
lw-cnapp-microservices-iac
Project 2: Microservices with Infrastructure as Code ⚠️ WAR...
Paris, The Thinker, and why your WAF should block XSS by default
With Thales HQ in Paris, it felt right to detour to the Musée Rodin and stand before The Thinker, the bronze giant by Auguste Rodin whose clenched posture and chin-in-hand stance have become a universal symbol of deep judgment. Conceived for The Gates of Hell in 1880 and first cast monumentally i...
ROS-20251125-12
Vulnerability of QuerySet and Q objects of Django web application development platform is related to failure to take measures to protect the SQL query structure when processing an argument with the connector keyword. Exploitation of the vulnerability could allow an attacker acting remotely to...
GenAI: Harness the Power, Eliminate the Risk — A Practical Playbook for Securing AI from Day One
Enterprises everywhere are racing to leverage AI to gain sharper insights, automate workflows, and deliver richer customer experiences. Based on an assessment conducted by Bain & Company, generative AI adoption is soaring, with 95% of US companies using it, up 12 percentage points in just a year...
8 Top Application Security Tools (2026 Edition)
The software revolution has redefined what’s possible in global business. Complex applications underpin e-commerce, healthcare, finance, transportation, and…...
What Security Teams Need to Know as PHP and IoT Exploits Surge
Attack automation is accelerating, widening the window between detection and response. Qualys TRU telemetry reveals how these attacks unfold and what defenders can do next. The Qualys Threat Research Unit TRU has identified a sharp increase in attacks targeting PHP servers, IoT devices, and cloud...