14724 matches found
PT-2026-45793
HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...
Malicious Package
Overview nottuff23 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...
CVE-2026-10258 itsourcecode Content Management System add_sub_topic.php sql injection
A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/addsubtopic.php. This manipulation of the argument topicid causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available ...
web-app-pentest-altoromutual
Web Application Penetration Test β AltoroMutual demo.testfire...
bastion-waf-simulator
BASTION β Web Application Firewall Simulator A real-time We...
[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-18.fc43
naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...
CVE-2026-10173
A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to...
web-application-security-testing-tool
web-application-security-testing-tool A Python-based Web Appli...
NileBank-Vulnerable-App
NileBank - Web Pen Testing Project A realistic bank web appli...
CVE-2026-30760
An issue in SourceBans Material Admin before v.1.1.6 3ecd95e allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call...
Consistent Protections Without Compromise: Akamaiβs WAF Is Now on AWS Marketplace
...
[SECURITY] Fedora 44 Update: nginx-mod-naxsi-1.6-18.fc44
naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...
PT-2026-44461
An issue in SourceBans Material Admin before v.1.1.6 3ecd95e allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call...
CVE-2026-45083
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to th...
CVE-2026-44886
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to...
dotnet: .NET: infinite loop allows an attacker to cause a denial of service
A flaw was found in dotnet. An infinite loop in ASP.NET Core allows an unauthenticated remote attacker to cause a denial of service over a network. This issue can lead to an application crash and a high consumption of system resources...
Pi.Alert SQL注ε ₯ζΌζ΄
Pi.Alert is a WIFI/LAN intrusion detector developed by the individual developer jokob-sk. Versions of Pi.Alert prior to version 2026-05-07 contained an SQL injection vulnerability. This vulnerability stemmed from improper handling of the action and scansource parameters in requests sent to...
SUSE CVE-2026-42268
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...
π Sparx Pro Cloud Server 6.1 / Sparx Enterprise Architect 17.1 SQL Injection
Multiple vulnerabilities in Sparx Pro Cloud Server PCS versions 6.1 and below and Sparx Enterprise Architect versions 17.1 and below allow a remote unauthenticated attacker to execute arbitrary SQL queries both read and write within any configured database. In the case where PCS is installed with...
CVE-2026-9451
A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has...