
14724 matches found

CNNVD
added 2026/04/01 12:0 a.m., 3 views

Open WebUI Authorization Issue Vulnerability

Open WebUI is an open-source, scalable, feature-rich, and user-friendly self-hosted WebUI. Versions of Open WebUI prior to 0.8.11 had vulnerabilities related to authorization issues, which stemmed from improper access control in tool values...

CVSS 7.7, AI score 5.8, EPSS 0.05271
Exploits 1, References 2
CVE
added 2026/03/30 12:0 a.m., 9 views

CVE-2026-29909

CVE-2026-29909 affects MRCMS v3.1.2. The /admin/file/list.do endpoint in the file management module is unauthenticated and lacks input validation, enabling remote directory enumeration without credentials. The vulnerability is consistently described across NVD, Red Hat, ENISA EUVD, CVE List, and ...

CVSS 5.3, AI score 5.9, EPSS 0.0041
Exploits 1, References 2, Affected Software 1
RedhatCVE
added 2026/03/29 11:3 p.m., 4 views

CVE-2026-5018

A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...

CVSS 7.5, AI score 5.8, EPSS 0.00345
Exploits 1, References 1
Packet Storm News
added 2026/03/28 12:0 a.m., 5 views

Context-Aware Phishing Email Detection Using Machine Learning and NLP

Phishing attacks remain among the most prevalent cybersecurity threats, causing significant financial losses for individuals and organizations worldwide. This paper presents a machine learning-based phishing email detection system that analyzes email body content using natural language processing...

AI score 5.9
Exploits 0
RedhatCVE
added 2026/03/27 2:25 p.m., 9 views

CVE-2021-27489

ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands...

CVSS 8.8, AI score 7.2, EPSS 0.01291
Exploits 0, References 1
RedhatCVE
added 2026/03/26 3:13 p.m., 3 views

CVE-2025-62320

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external...

CVSS 4.7, AI score 5.9, EPSS 0.00158
Exploits 0, References 1
RedhatCVE
added 2026/03/26 3:7 p.m., 5 views

CVE-2026-31382

The errordescription parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...

CVSS 6.1, AI score 6, EPSS 0.00245
Exploits 1, References 1
GithubExploit
added 2026/03/26 1:28 p.m., 173 views

Exploit for Argument Injection in Phpmailer_Project Phpmailer

MediCare Portal Intentionally vulnerable healthcare patient...

CVSS 9.8, AI score 7.2, EPSS 0.99714
Exploits 58
EUVD
added 2026/03/26 12:30 p.m., 4 views

EUVD-2018-21675

qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filterby parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filterbyCommentCreatedFrom and...

CVSS 8.8, AI score 6.2, EPSS 0.00337
Exploits 1, References 5
GithubExploit
added 2026/03/26 11:4 a.m., 159 views

AppSec-Penetration-Testing-Lab

🔐 AppSec Penetration Testing Lab A hands-on application sec...

AI score 6.2
Exploits 0
ATTACKERKB
added 2026/03/26 1:52 a.m., 1 views

CVE-2026-4835

A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /myaccount/addcostumer.php of the component Web Application Interface. Such manipulation of the argument costumername leads to cross site scripting. The attack may be...

CVSS 5.1, AI score 3.9, EPSS 0.00195
Exploits 0, References 5, Affected Software 1
CVE
added 2026/03/26 1:52 a.m., 12 views

CVE-2026-4835

The CVE covers code-projects Accounting System 1.0, where the argument costumer_name in /my_account/add_costumer.php can be manipulated to trigger cross-site scripting in the Web Application Interface. The vulnerability is exploitable remotely and the exploit is public. Impact is limited to low i...

CVSS 5.1, AI score 3.9, EPSS 0.00195
Exploits 0, References 5
ATTACKERKB
added 2026/03/24 8:4 p.m., 5 views

CVE-2026-21790

HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...

CVSS 6.3, AI score 5.8, EPSS 0.0015
Exploits 0, References 2, Affected Software 1
Snyk
added 2026/03/23 6:14 p.m., 2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized processing of Bazaar package metadata. An attacker can execute arbitrary JavaScript code in the context of the application, potentially leading to remote code execution by submitting crafted...

CVSS 9, AI score 6.5, EPSS 0.00549
Exploits 2, References 3
ATTACKERKB
added 2026/03/23 12:0 a.m., 2 views

CVE-2024-51226

A stored cross-site scripting XSS vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Search parameter...

CVSS 6.1, AI score 5.8, EPSS 0.00192
Exploits 1, References 3
GithubExploit
added 2026/03/22 4:30 p.m., 112 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🔥 Solar Exploiting Log4j - TryHackMe Walkthrough 📌 Room: S...

CVSS 10, AI score 7.7, EPSS 0.99999
Exploits 346
CVE
added 2026/03/22 9:58 a.m., 9 views

CVE-2026-4544

CVE-2026-4544 affects Wavlink WL-WN578W2 221110. The vulnerability is in the POST Request Handler’s /cgi-bin/login.cgi, where manipulating the argument homepage/hostname/login_page can trigger cross-site scripting. Exploitation is possible remotely, and public exploit activity is indicated. No ve...

CVSS 4.8, AI score 4.1, EPSS 0.0026
Exploits 1, References 7, Affected Software 1
EUVD
added 2026/03/20 3:31 p.m., 5 views

EUVD-2026-13686

The errordescription parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...

CVSS 6.1, AI score 5.8, EPSS 0.00303
Exploits 1, References 2
NVD
added 2026/03/20 2:16 p.m., 3 views

CVE-2026-31382

The errordescription parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...

CVSS 6.1, EPSS 0.00245
Exploits 1, References 2
CVE
added 2026/03/20 2:14 a.m., 11 views

CVE-2026-32888

CVE-2026-32888 affects Open Source Point of Sale (PHP, CodeIgniter). A SQL Injection exists in the Items search functionality when the custom attribute search feature (search_custom) is enabled: user input from the search GET parameter is interpolated directly into a HAVING clause without paramet...

CVSS 8.8, AI score 6.2, EPSS 0.00316
Exploits 1, References 1, Affected Software 1