1028 matches found
Apache Tomcat Examples Web Application - Cross-Site Scripting
Apache Tomcat 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22, and 10.1.0-M1 to 10.1.0-M16 contain a reflected cross-site scripting caused by displaying unfiltered user data in the Form authentication example, letting attackers execute scripts in victim browsers, exploit requires attacke...
modoboa 2.0.4 - Admin TakeOver
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...
CVE-2026-54352 Budibase: Arbitrary file read by workspace-builder via PWA-zip symlink upload
Budibase is an open-source low-code platform. Prior to 3.39.9, POST /api/pwa/process-zip at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with [email protected] into a temp directory, then for each entry listed in icons.json validates the icon path, open...
CVE-2026-49345
Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery SSRF vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...
Astra Linux – Vulnerability in Chromium
In incorrect security user interfaces of web app installations in Google Chrome on Android before version 90.0.4430.212, an attacker who convinced a user to install a web application could inject scripts or HTML into a privileged page through a crafted HTML page...
Web-Attack-Detection-Lab
!Kali Linuxhttps://img.shields.io/badge/KaliLinux-557C94?sty...
-Web-Attack-Detection-Lab
!Kali Linuxhttps://img.shields.io/badge/KaliLinux-557C94?sty...
OWASP_Top10_Web_Pentest
🔓 Week 04 — Web Application Penetration Testing OWASP Top 10...
SUSE CVE-2026-10923
Use after free in WebAppInstalls in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. Chromium security severity: High...
SUSE CVE-2026-11008
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-8500
Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection...
EUVD-2026-34472
Inappropriate implementation in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11023
Inappropriate implementation in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-11023
Inappropriate implementation in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-11008
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-10923
Use after free in WebAppInstalls in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. Chromium security severity: High...
CVE-2026-11023
Inappropriate implementation in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11023
The CVE-2026-11023 issue affects Google Chrome prior to 149.0.7827.53 and is caused by an inappropriate implementation in the WebAppInstalls component. The vulnerability could allow a remote attacker who has compromised the renderer process to bypass the same-origin policy via a crafted HTML page...
CVE-2026-10923
Use after free in WebAppInstalls in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. Chromium security severity: High...
CVE-2026-10923
Use after free in WebAppInstalls in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. Chromium security severity: High...