CVE-2026-10857 Reflected XSS in Akinsoft's e-Commerce

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. This issue affects e-Commerce: before 1.25.01.06...

Apache Tomcat Examples Web Application - Cross-Site Scripting

Apache Tomcat 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22, and 10.1.0-M1 to 10.1.0-M16 contain a reflected cross-site scripting caused by displaying unfiltered user data in the Form authentication example, letting attackers execute scripts in victim browsers, exploit requires attacke...

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

ethical-hacking-security-labs

Ethical Hacking & Network Security Lab Portfolio A hands-on...

websec-skills

websec-skills Web Security Vulnerability Testing Skills Set,...

PT-2026-48470

A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...

SWPT-Notes

SWPT-Notes Personal study notes compiled while working throug...

erebus

EREBUS Web application security assessment framework. For...

Cross-site Scripting (XSS)

Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the cmis-online/type process. An attacker can execute arbitrary scripts in the context of a user's browser by...

Web-Application-Pentest-Report

Web-Application-Pentest-Report OWASP methodology penetration t...

WeKan 安全漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.35 contained security vulnerabilities. These vulnerabilities stemmed from insufficient authorization checks for Integration REST API endpoints, which could allow authenticated dashboard members to perfo...

EUVD-2026-20641

monetr: Protected Transactions Deletable via PUT...

OWASP CRS 安全漏洞

OWASP CRS is a set of open-source attack detection rules developed by the CRS Project. Versions prior to OWASP CRS 3.3.9 and 4.25.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of standardization in file extension checks for spaces, which could lead to bypassing...

CVE-2026-21790

HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getDynamicIcon endpoint when attacker-controlled input is embedded into SVG output without proper sanitization. An attacker can execute arbitrary JavaScript in the context of the web application by...

Fedora 43 : python-django5 (2026-3adb735295)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3adb735295 advisory. - Fixes CVE-2025-13473: Username enumeration through timing difference in modwsgi authentication handler - Fixes CVE-2025-14550: Potential...

ZoneMinder 安全漏洞

ZoneMinder is an open-source video monitoring software system developed by ZoneMinder. This system supports IP, USB, and analog cameras. Version 1.36.34 of ZoneMinder contains a security vulnerability. This vulnerability stems from user input that is passed directly into the exec function in...

CredShields Contributes to OWASP’s 2026 Smart Contract Security Priorities

SINGAPORE, Singapore, 17th February 2026, CyberNewswire...

Web Application Security Developer Training Guide

This guide gives a thorough overview of 34 web application vulnerabilities with descriptions of the issues, PHP examples of vulnerable code, exploit methodologies, and remediation strategies...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via stored cross-site scripting. An attacker can execute arbitrary JavaScript in the context of higher-privileged users by injecting malicious scripts, potentially leading to unauthorized privilege escalation...