🌐

Web Application

slug: web-application

🛡 Related vulnerabilities 157

ID Title
CVE-2026-14802 A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the...
CVE-2026-57277 GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
CVE-2026-57278 GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
CVE-2026-57274 GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
CVE-2026-57276 GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
CVE-2026-57275 GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
CVE-2026-57270 GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
CVE-2026-57271 GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
CVE-2026-57273 GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
CVE-2026-57272 GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
CVE-2026-13125 GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
CVE-2026-57950 ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
CVE-2026-57947 Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook...
CVE-2026-57955 SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers...
CVE-2026-56285 Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
CVE-2026-56780 Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api...
CVE-2026-13521 A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php....
CVE-2026-13498 A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an...
CVE-2026-58054 MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when...
CVE-2026-58056 RustDesk gates incoming control messages on per-capability flags rather than on the session's...
CVE-2026-3652 The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
CVE-2026-54639 Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `c...
CVE-2026-10521 An high privileged remote attacker can access a hidden configuration method, that should not be...
CVE-2026-9029 The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug....
CVE-2026-42129 The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An...
CVE-2026-53866 OpenClaw: Shell inline-command parsing could miss an allowlist check
CVE-2026-53864 OpenClaw: Host environment sanitizer missed two Node.js control variables
CVE-2026-53857 OpenClaw: Zalo allowFrom could bind to mutable display names
CVE-2026-53849 OpenClaw: Discord allowFrom could bind to mutable display names
CVE-2026-53855 OpenClaw: Shell positional parameters could weaken strict inline-eval checks

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →