1335 matches found
PT-2026-7607
Name of the Vulnerable Software and Affected Versions InoERP version 0.7.2 Description InoERP version 0.7.2 has a persistent cross-site scripting issue in the comment section. Unauthenticated attackers can inject malicious scripts, such as JavaScript payloads, through comments. These scripts...
SSRF-to-RCE-Scanner
SSRF-to-RCE-Scanner IT is advanced Python-based security tool...
CVE-2023-50070
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customersupport/ajax.php?action=saveticket via departmentid, customerid, and subject...
CVE-2009-4039
Cross-site scripting XSS vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-2356
Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password...
CVE-2022-23861
Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be...
CVE-2022-31210
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/setparam.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts...
CVE-2022-26158
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlle...
CVE-2020-12765
Solis Miolo 2.0 allows index.php?module=install=view= Directory Traversal...
OreaHax-Framework
OreaHax-Framework ╔════════════════════════════════════...
SQL-Injection-IDPS
Payloads All The Things A list of useful payloads and bypass...
EUVD-2025-204361
A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query string redirects via improper encoding in the routing engine. This could enable header injection and potentially facilitate further web application attacks...
task-3-security-testing
Security Testing for Web Applications Task 3: CODTECH Inte...
CVE-2025-55796
The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...
Paris, The Thinker, and why your WAF should block XSS by default
With Thales HQ in Paris, it felt right to detour to the Musée Rodin and stand before The Thinker, the bronze giant by Auguste Rodin whose clenched posture and chin-in-hand stance have become a universal symbol of deep judgment. Conceived for The Gates of Hell in 1880 and first cast monumentally i...
ROS-20251125-12
Vulnerability of QuerySet and Q objects of Django web application development platform is related to failure to take measures to protect the SQL query structure when processing an argument with the connector keyword. Exploitation of the vulnerability could allow an attacker acting remotely to...
What Security Teams Need to Know as PHP and IoT Exploits Surge
Attack automation is accelerating, widening the window between detection and response. Qualys TRU telemetry reveals how these attacks unfold and what defenders can do next. The Qualys Threat Research Unit TRU has identified a sharp increase in attacks targeting PHP servers, IoT devices, and cloud...
Exploit for CVE-2025-55752
🚨🚨 CVE-2025-55752 — Apache Tomcat: Directory-protection bypass v...
cybersec-ids
cybersec-ids Full-stack AI-driven Web App Intrusion Detection...
Exploit for CVE-2025-63307
CVE-2025-63307 – Authenticated Stored Cross-site Scripting XS...