Web Technologies Security in the AI Era: A Survey of CDN-Enhanced Defenses

The modern web stack, which is dominated by browser-based applications and API-first backends, now operates under an adversarial equilibrium where automated, AI-assisted attacks evolve continuously. Content Delivery Networks CDNs and edge computing place programmable defenses closest to users and...

CVE-2025-34260 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via action/schedule

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...

CVE-2024-5401

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager DSM before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

PT-2025-49026

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager DSM before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

Adobe Experience Manager (AEM) CRX Package Manager Panel Detected

This plugin detects the presence of the Adobe Experience Manager AEM CRX Package Manager panel on a web application. The CRX Package Manager is a tool used to manage packages in AEM, allowing users to install, uninstall, and manage content packages. No source data...

Adobe Experience Manager (AEM) Login Panel Detected

This plugin detects the presence of the Adobe Experience Manager AEM login panel on a web application. AEM is a comprehensive content management solution for building websites, mobile apps, and forms. No source data...

Adobe Experience Manager (AEM) Sling Login Panel Detected

This plugin detects the presence of the Adobe Experience Manager AEM Sling Login panel on a web application. The Sling Login panel is part of the Apache Sling framework used by AEM for content delivery and management, providing authentication and access control features. No source data...

Adobe Experience Manager (AEM) QueryBuilder Feed Servlet Detected

This plugin detects the presence of the Adobe Experience Manager AEM QueryBuilder Feed Servlet on a web application. The QueryBuilder Feed Servlet is part of AEM's QueryBuilder API, which allows developers to construct and execute queries against the AEM repository to retrieve content based on...

CVE-2025-13873

Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...

EUVD-2025-200215

Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...

CVE-2025-13873 The feature to import a survey is prone to stored Cross-Site Script attacks

Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...

CVE-2025-13873 The feature to import a survey is prone to stored Cross-Site Script attacks

Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...

PT-2025-48669

Name of the Vulnerable Software and Affected Versions CircutorSGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists in the SetLan function of the software. This function is triggered when a new configuration is applied via a management web request to the 'index.cgi'...

CVE-2025-66412

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the...

Defend Post-Quantum Cryptography's “Harvest Now, Decrypt Later” with WAAP

Prepare for a quantum-safe future. Learn how Akamai App & API Protector helps stop the data leaks that fuel “harvest now, decrypt later” attacks...

CVE-2025-13811

A vulnerability was determined in jsnjfz WebStack-Guns 1.0. This vulnerability affects unknown code of the file src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java. Executing a manipulation of the argument sort can lead to sql injection. It is possible to launch the atta...

CVE-2025-55796

The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...

org.apache.skywalking:apache-skywalking-apm (>=6.1.0 <=10.1.0), org.apache.skywalking:apache-skywalking-apm-es7 (>=6.6.0 <=8.7.0) +1 more potentially affected by CVE-2025-54057 via org.apache.skywalking:apm-webapp (>=10.0.1 <=9.7.0)

org.apache.skywalking:apm-webapp MAVEN version =10.0.1, =6.1.0, =6.6.0, =6.0.0-GA, =6.0.0-beta Source cves: CVE-2025-54057 Source advisory: SNYK:JAVA-ORGAPACHESKYWALKING-14220413...

web-app-vulnerability-scanner

web-app-vulnerability-scanner A Python-based Web Application V...

Paris, The Thinker, and why your WAF should block XSS by default

With Thales HQ in Paris, it felt right to detour to the Musée Rodin and stand before The Thinker, the bronze giant by Auguste Rodin whose clenched posture and chin-in-hand stance have become a universal symbol of deep judgment. Conceived for The Gates of Hell in 1880 and first cast monumentally i...