Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
Cloudflare has addressed a security vulnerability in its Automatic Certificate Management Environment (ACME) validation logic that made it possible to bypass security controls and access origin servers. "The vulnerability was rooted in how our edge network processed requests destined for the...
CVE-2025-41084 Stored Cross-Site Scripting (XSS) in Sesame web application
Stored Cross-Site Scripting (XSS) vulnerability in the Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...
Exploit for SQL Injection in Phpgurukul Job_Portal
CVE-2024-8465 – SQL Injection Proof of Concept Team Inform...
CVE-2026-23839
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryUpdated=. Version 0.70.0 fixes the issue...
EUVD-2026-3300
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryCreated=. Version 0.70.0 fixes the issue...
PT-2026-3484
Name of the Vulnerable Software and Affected Versions: teklifolustur app versions prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c. Description: teklifolustur app is a web-based PHP application for managing quotes. An Insecure Direct Object Reference (IDOR) exists in the offer view...
CVE-2026-1123
A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/workmod.jsp of the component HTTP GET Parameter Handler. Manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit is publicly available an...
PT-2026-3392
Name of the Vulnerable Software and Affected Versions: PHPGurukul News Portal version 1.0. Description: An improper authorization issue exists in the Add Sub-Admin page of PHPGurukul News Portal. This flaw is located in an unknown function within the '/admin/add-subadmins.php' file and allows for...
CVE-2025-59870
HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation, introducing a security risk...
CVE-2025-59870 Improper management of a static JWT signing secret in the web application, where the secret lacks rotation, introducing a security risk
HCL MyXalytics v6.7 is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation, introducing a security risk...
PT-2026-3243
Name of the Vulnerable Software and Affected Versions: HCL MyXalytics version 6.7. Description: The web application does not rotate the JWT signing secret, resulting in improper management of a static secret. This introduces a security risk. Recommendations: Rotate the JWT signing secret in the web...
Livewire Request Detected
This is an informational plugin that informs the user that the scanner has detected the use of the Livewire framework in the target web application. Livewire is a full-stack framework for Laravel that makes building dynamic interfaces simple, without leaving the comfort of Laravel. No source data...
EUVD-2026-2016
Outray is an open-source ngrok alternative. Prior to 0.1.5, this vulnerability allows a user, e.g. a free plan user, to obtain more than the permitted number of subdomains due to the lack of a database transaction lock mechanism in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5...
MiracleLinux 4 : eclipse-3.6.1-6.13.AXS4 (AXSA:2011-432:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-432:01 advisory. The Eclipse platform is designed for building integrated development environments (IDEs), server-side applications, desktop applications, and everything in...
CVE-2022-50911
Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue...
CVE-2022-50892 VIAVIWEB Wallpaper Admin 1.0 - SQL Injection via Login Page
VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface...
CVE-2022-50911
Bitrix24 is affected by CVE-2022-50911 per connected sources, described as an authenticated remote code execution vulnerability. An attacker with valid credentials could abuse the PHP command-line administration interface by sending crafted POST requests to an admin endpoint to execute arbitrary ...
GHSA-45HJ-9X76-WP9G Outray has a Race Condition in the cli's webapp
Summary: This vulnerability allows a user, e.g. a free plan user, to obtain more than the permitted number of subdomains due to the lack of a database transaction lock mechanism in https://github.com/akinloluwami/outray/blob/main/apps/web/src/routes/api/%24orgSlug/subdomains/index.ts Details - The affected code: ts //Race...
EUVD-2026-1913
Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to Remote Code Execution (RCE). The application accepts a PHP reverse shell uploaded as the user's image, enabling RCE...
WebErpMesv2 Security Vulnerability
WebErpMesv2 is an industry-oriented web system for resource management and manufacturing by Kevin Personal Developer. A security vulnerability exists in WebErpMesv2 prior to version 1.19 that stems from a file upload validation bypass in multiple controllers, which could lead to remote code...