Cloud Based WAF Upload Scan and Control: The New Standard for File Upload Security

We're excited to announce the launch of Upload Scan and Control, an essential new feature for Imperva Cloud WAF. This add-on tackles one of the most critical vulnerabilities facing web applications today—insecure file uploads—offering protection with scalability, simplicity, and enterprise-grade...

CVE-2019-25443

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...

📄 OWASP CRS WAF Bypass

OWASP core rule set CRS versions prior to 4.22.0 and 3.3.8 suffer from a bypass vulnerability. CVE-2026-21876 OWASP CRS WAF bypass CVE-2026-21876 docker container + minimal PoC. I would like to thank @airween and @fzipi separately for their quick response! The vulnerability fix was ready in a ver...

CVE-2019-25458

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...

CVE-2026-27118 Cache poisoning in @sveltejs/adapter-vercel

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulnerable to cache poisoning. An internal query parameter intended for Incremental Static Regeneration ISR is accessible on all routes, allowi...

CVE-2025-41023

An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allows an attacker to bypass authentication mechanisms. Once inside the web application, the attacker can use any of its features regardless of the authorisation method used...

CVE-2026-23619

GFI MailEssentials AI (versions prior to 22.4) contains a stored cross-site scripting vulnerability in the Local Domains settings page. An authenticated user can submit HTML/JavaScript via ctl00$ContentPlaceHolder1$Pv3$txtDescription on /MailEssentials/pages/MailSecurity/general.aspx, which is st...

CVE-2025-71248

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

GHSA-9PQ4-5HCF-288C Cache poisoning in @sveltejs/adapter-vercel

Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulnerable to cache poisoning. An internal query parameter intended for Incremental Static Regeneration ISR is accessible on all routes, allowing an attacker to cause sensitive user-specific responses to be cached and served to other users...

CVE-2025-41023

An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allows an attacker to bypass authentication mechanisms. Once inside the web application, the attacker can use any of its features regardless of the authorisation method used...

CVE-2025-41023

CVE-2025-41023 concerns Thesamur’s AutoGPT with an authentication bypass that lets an attacker access features without proper authorization. The vulnerability is network-exposed (attack_vector: NETWORK) and requires no privileges or user interaction, with a LOW-impact in confidentiality and integ...

AutoGPT 授权问题漏洞

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. However, AutoGPT has authorization-related vulnerabilities. These vulnerabilities stem from defects in the authentication mechanism, which may allow attackers to bypass authentication and...

CVE-2026-23861

Dell Unisphere for PowerMax vApp, versions 9.2.4.x, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML o...

CVE-2025-65791

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...

ZoneMinder 安全漏洞

ZoneMinder is an open-source video monitoring software system developed by ZoneMinder. This system supports IP, USB, and analog cameras. Version 1.36.34 of ZoneMinder contains a security vulnerability. This vulnerability stems from user input that is passed directly into the exec function in...

CVE-2025-65791

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...

CVE-2026-2620

Huace Monitoring and Early Warning System version 2.2 is affected by a SQL injection in the web application path /Web/SysManage/ProjectRole.aspx when the ID parameter is manipulated. The vulnerability is exploitable remotely, with public exploits available, and the vendor has not responded to dis...

CredShields Contributes to OWASP’s 2026 Smart Contract Security Priorities

SINGAPORE, Singapore, 17th February 2026, CyberNewswire...

CVE-2025-2418

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in TR7 Cyber ​​Defense Inc. Web Application Firewall allows Phishing.This issue affects Web Application Firewall: from 4.30 through 16022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve

A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will...