
14726 matches found

Imperva Blog
added 2025/11/25 7:36 a.m. | 8 views

Imperva Named a Leader in KuppingerCole’s Leadership Compass 2025 for Web Application and API Protection

In the latest 2025 KuppingerCole Leadership Compass for Web Application and API Protection (WAAP), Imperva has once again secured a Leadership position, a testament to our unwavering commitment to protecting the modern digital experience. Why This Report Matters: The WAAP market represents the...

AI score: 6.8
Exploits: 0
Redos
added 2025/11/25 12:0 a.m. | 9 views

ROS-20251125-12

Vulnerability of QuerySet and Q objects of Django web application development platform is related to failure to take measures to protect the SQL query structure when processing an argument with the connector keyword. Exploitation of the vulnerability could allow an attacker acting remotely to...

CVSS: 9.1 | AI score: 7.1 | EPSS: 0.1914
Exploits: 10
CVE
added 2025/11/25 12:0 a.m. | 19 views

CVE-2025-51745

CVE-2025-51745 affects jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks due to the deserialization flaw in that endpoint. The CVSS metrics indicate a high-severity, network-exposed chain with no user interaction and total impact on confidential...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.00407
Exploits: 0 | References: 4 | Affected Software: 1
GithubExploit
added 2025/11/24 9:42 p.m. | 182 views

Mutillidae-SAST-Analysis

🛡️ Static Application Security Testing (SAST): OWASP Mutillida...

AI score: 7.2
Exploits: 0
Vulnrichment
added 2025/11/24 11:27 a.m. | 5 views

CVE-2025-41087 Cross-Site Scripting (XSS) stored in Taclia's web application

Stored Cross-Site Scripting (XSS) vulnerability in the Taclia web application, where the uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

CVSS: 5.1 | AI score: 5.4 | EPSS: 0.0025
Exploits: 0 | References: 1
Cvelist
added 2025/11/24 11:27 a.m. | 6 views

CVE-2025-41087 Cross-Site Scripting (XSS) stored in Taclia's web application

Stored Cross-Site Scripting (XSS) vulnerability in the Taclia web application, where the uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

CVSS: 5.1 | EPSS: 0.0025
Exploits: 0 | References: 1
CVE
added 2025/11/24 11:27 a.m. | 8 views

CVE-2025-41087

CVE-2025-41087 affects the Taclia web application. The vulnerability is a stored Cross-Site Scripting (XSS) flaw arising from SVG uploads that are not properly sanitized, allowing attackers to embed malicious scripts in SVGs (e.g., in image profiles) which are stored on the server and executed in ...

CVSS: 5.1 | AI score: 5.4 | EPSS: 0.0025
Exploits: 0 | References: 1
EUVD
added 2025/11/24 11:27 a.m. | 2 views

EUVD-2025-198629

Stored Cross-Site Scripting (XSS) vulnerability in the Taclia web application, where the uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

CVSS: 5.1 | AI score: 5.3 | EPSS: 0.0025
Exploits: 0 | References: 2
CNNVD
added 2025/11/24 12:0 a.m. | 1 views

Taclia Web Application Cross-Site Scripting Vulnerability

Taclia Web Application is a billing and business management platform from Taclia Spain. A cross-site scripting vulnerability exists in the Taclia web application that stems from an uploaded SVG image that is not properly cleaned, which could lead to a stored cross-site scripting attack...

CVSS: 5.1 | AI score: 5.9 | EPSS: 0.0025
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/24 12:0 a.m. | 2 views

PT-2025-47899

Stored Cross-Site Scripting (XSS) vulnerability in the Taclia web application, where the uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

CVSS: 5.1 | AI score: 5.8 | EPSS: 0.0025
Exploits: 0 | References: 2
GithubExploit
added 2025/11/21 12:37 a.m. | 186 views

Exploit for Relative Path Traversal in Fortinet Fortiweb

CVE-2025-64446 Fortinet FortiWeb Path Traversal RCE Exploit A...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.89526
Exploits: 17
OpenVAS
added 2025/11/21 12:0 a.m. | 2 views

phpPgAdmin <= 7.13.0 Multiple Vulnerabilities

phpPgAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phppgadmin:phppgadmin"; if...

CVSS: 6.5 | AI score: 7.8 | EPSS: 0.0025
Exploits: 0 | References: 4
EUVD
added 2025/11/20 3:30 p.m. | 3 views

EUVD-2025-198264

phppgadmin vulnerable to Cross-site Scripting...

AI score: 6.1 | EPSS: 0.00198
Exploits: 0 | References: 5
OSV
added 2025/11/20 3:17 p.m. | 2 views

CVE-2025-13468

A weakness has been identified in SourceCodester Alumni Management System 1.0. This issue affects the function deleteforum/deletecareer/deletecomment/deletegallery/deleteevent of the file admin/adminclass.php of the component Delete Handler. Executing manipulation of the argument ID can lead to...

CVSS: 8.1 | AI score: 5.6 | EPSS: 0.0033
Exploits: 1 | References: 5
CNVD
added 2025/11/20 12:0 a.m. | 2 views

Fortinet FortiWeb Trust Management Issue Vulnerability

Fortinet FortiWeb is a web application firewall from the U.S. company Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...

CVSS: 5.5 | AI score: 7.1 | EPSS: 0.00104
Exploits: 0 | References: 1
CNVD
added 2025/11/20 12:0 a.m. | 6 views

Online Shopping Portal forgot-password.php File SQL Injection Vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the email parameter of forgot-password.php. No details of the vulnerability are available at this time...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.00357
Exploits: 1 | References: 1
CNVD
added 2025/11/20 12:0 a.m. | 3 views

School Fees Payment Management System /ajax.php?action=delete_payment file SQL injection vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...

CVSS: 8.8 | AI score: 6 | EPSS: 0.0027
Exploits: 1 | References: 1
CNVD
added 2025/11/20 12:0 a.m. | 4 views

Responsive Hotel Site usersettingdel.php File SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter eid in the file /admin/usersettingdel.php. An attacker can exploit this...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.00333
Exploits: 1 | References: 1
Krebs on Security
added 2025/11/19 2:7 p.m. | 6 views

The Cloudflare Outage May Be a Security Roadmap

An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet's top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have...

AI score: 7.6
Exploits: 0
Positive Technologies
added 2025/11/19 12:0 a.m. | 23 views

PT-2025-47536

Name of the Vulnerable Software and Affected Versions: Campcodes Online Hospital Management System version 1.0. Description: The Campcodes Online Hospital Management System version 1.0 is susceptible to SQL Injection. This issue affects the admin panel and specifically occurs through the username...

AI score: 7.2 | EPSS: 0.00177
Exploits: 1 | References: 3