🌐

Web Application

slug: web-application

🛡 Related vulnerabilities 157

ID Title
CVE-2026-7313 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
CVE-2026-39552 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
CVE-2026-39555 Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. ...
CVE-2025-68886 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
CVE-2025-69369 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
CVE-2024-21182 KEV Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
CVE-2026-48557 Spatie Laravel Media Library contains a file upload restriction bypass
CVE-2026-49368 In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
CVE-2026-45555 Code Injection in csharp (CVE-2026-45555)
CVE-2026-45615 Vulnerability in c (CVE-2026-45615)
CVE-2026-44698 Code Injection in CVE-2026-44698 (CVE-2026-44698)
CVE-2026-10073 Vulnerability in path-traversal (CVE-2026-10073)
CVE-2026-4776 Mautic has SQL Injection in API Contact Filtering
CVE-2025-11262 The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
CVE-2026-42760 Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
CVE-2026-42762 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2026-42746 Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
CVE-2026-42753 Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
CVE-2026-42735 Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
CVE-2026-42736 Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp...
CVE-2026-42737 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
CVE-2026-42745 Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
CVE-2026-42730 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
CVE-2026-2253 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0,...
CVE-2026-5260 A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret...
CVE-2026-9584 A security vulnerability has been detected in code-projects Project Management System 1.0....
CVE-2026-42013 A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name ...
CVE-2026-27891 FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the f...
CVE-2026-46367 Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
CVE-2026-46359 phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →