
102502 matches found

GithubExploit
added 2026/05/29 9:52 p.m. | 68 views

NileBank-Vulnerable-App

NileBank - Web Pen Testing Project A realistic bank web appli...

AI score: 5.9
Exploits: 0
CVE
added 2026/05/29 9:19 p.m. | 35 views

CVE-2026-9831

The CVE-2026-9831 entry describes a race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path. Under high-concurrency traffic, requests authenticated with an Extreme Platform ONE /IAM API key could intermittently return data for a different tenant, indicating cross...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00172
Exploits: 0 | References: 1
Snyk
added 2026/05/29 9:14 p.m. | 6 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.0031
Exploits: 0 | References: 2
GithubExploit
added 2026/05/29 8:20 p.m. | 75 views

Exploit for CVE-2026-22557

CVE-2026-22557 Vulnerability Assessment Tool Safely detect wh...

CVSS: 10 | AI score: 6.3 | EPSS: 0.05793
Exploits: 3
RedhatCVE
added 2026/05/29 8:13 p.m. | 11 views

CVE-2026-30760

An issue in SourceBans Material Admin before v.1.1.6 3ecd95e allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call...

CVSS: 7.3 | AI score: 5.9 | EPSS: 0.00308
Exploits: 0 | References: 1
EUVD
added 2026/05/29 6:15 p.m. | 7 views

EUVD-2026-33378

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests...

CVSS: 3.4 | AI score: 5.8 | EPSS: 0.00229
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/29 6:4 p.m. | 12 views

CVE-2026-9051 Authentication Bypass Vulnerability in NI SystemLink Enterprise

There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure. Successful exploitation requires an attacker to send...

CVSS: 9.3 | AI score: 5.8 | EPSS: 0.00588
Exploits: 0 | References: 1
Cvelist
added 2026/05/29 6:4 p.m. | 29 views

CVE-2026-9051 Authentication Bypass Vulnerability in NI SystemLink Enterprise

There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure. Successful exploitation requires an attacker to send...

CVSS: 9.3 | EPSS: 0.00588
Exploits: 0 | References: 1
IBM Security Bulletins
added 2026/05/29 4:59 p.m. | 8 views

Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager

Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0.4 Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00421
Exploits: 8 | Affected Software: 1
CVE
added 2026/05/29 4:58 p.m. | 16 views

CVE-2026-5768

CVE-2026-5768 concerns the Frontier X2 device and Frontier X mobile app, where unauthenticated BLE read/write access to critical GATT characteristics enables attackers within BLE range to control device functions, trigger vibrations, cause DoS, and forge health telemetry by impersonating devices ...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00438
Exploits: 0 | References: 3
Vulnrichment
added 2026/05/29 4:53 p.m. | 13 views

CVE-2026-45577 Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass

Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolv...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00249
Exploits: 0 | References: 2
IBM Security Bulletins
added 2026/05/29 4:45 p.m. | 13 views

Security Bulletin: Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2026-8633 and CVE-2026-8620)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a remote code execution and HTTP request smuggling vulnerability affecting WebSphere Application Server Web Server Plug-ins have been published in a security bulletin...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00478
Exploits: 0 | Affected Software: 1
NVD
added 2026/05/29 4:16 p.m. | 11 views

CVE-2026-44962

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the...

CVSS: 9.9 | EPSS: 0.00307
Exploits: 0 | References: 1
Cvelist
added 2026/05/29 3:41 p.m. | 30 views

CVE-2026-44962

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the...

CVSS: 9.9 | EPSS: 0.00307
Exploits: 0 | References: 1
EUVD
added 2026/05/29 3:41 p.m. | 8 views

EUVD-2026-33344

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the...

CVSS: 9.9 | AI score: 6.1 | EPSS: 0.00307
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/29 3:41 p.m. | 9 views

CVE-2026-44962

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the...

CVSS: 9.9 | AI score: 6.1 | EPSS: 0.00307
Exploits: 0 | References: 1
CVE
added 2026/05/29 3:41 p.m. | 49 views

CVE-2026-44962

Plesk: XPath injection in the APS Application Catalog search allows authenticated, low-privileged users to cause local privilege escalation by interpolating unsanitized input into XPath queries. Affected: Plesk APS Catalog search component. Root cause: inadequate input sanitization for XPath. Imp...

CVSS: 9.9 | AI score: 6.1 | EPSS: 0.00307
Exploits: 0 | References: 1
OSV
added 2026/05/29 1:33 p.m. | 7 views

OESA-2026-2471 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...

CVSS: 1.8 | AI score: 5.8 | EPSS: 0.00083
Exploits: 0 | References: 2
OSV
added 2026/05/29 1:33 p.m. | 9 views

OESA-2026-2468 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...

CVSS: 1.8 | AI score: 5.8 | EPSS: 0.00083
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/29 10:30 a.m. | 7 views

CVE-2026-9808

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00201
Exploits: 0 | References: 2