Threat Feed
Tag: Webapps
13 briefs
high advisory

MixPHP Framework 2.2.17 Unsafe Deserialization Remote Code Execution

MixPHP Framework 2.2.17 is vulnerable to remote code execution due to unsafe deserialization, with a public exploit available, increasing the risk for unpatched systems.

MixPHP Framework 2.2.17 webapps rce deserialization
high advisory

EspoCRM 9.3.3 SSRF Vulnerability (CVE-2026-33534)

A public exploit is available for EspoCRM 9.3.3, exploiting a Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-33534) allowing authenticated attackers to potentially access internal resources.

EspoCRM 9.3.3 ssrf webapps cve-2026-33534
high advisory

Casdoor 3.54.1 Arbitrary File Write via Path Traversal

Casdoor version 3.54.1 is vulnerable to a path traversal attack, allowing arbitrary file writes on the system, with a public exploit available.

Casdoor 3.54.1 path-traversal file-write webapps
high advisory

OpenCATS 0.9.7.4 SQL Injection Vulnerability

A SQL Injection vulnerability exists in OpenCATS 0.9.7.4, with a published exploit that allows for database version and user extraction on unpatched systems.

OpenCATS 0.9.7.4 sqli webapps opencats
critical advisory

WordPress Temporary Login Plugin Authentication Bypass Vulnerability

A public exploit is available for WordPress Temporary Login Plugin version 1.0.0, which demonstrates an authentication bypass vulnerability that can lead to account takeover, increasing the risk for unpatched systems.

Temporary Login Plugin 1.0.0 wordpress authentication-bypass account-takeover webapps
medium threat

SolarEdge CSRF and Out-of-Band Injection Vulnerability

A CSRF and out-of-band injection vulnerability exists in the SolarEdge Monitoring Platform's `/solaredge-web/p/initClient` endpoint. Because session parameters are not properly validated, an attacker can manipulate headers so that the platform initiates requests to attacker-controlled domains, potentially leading to session compromise and unauthorized system control.

SolarEdge Monitoring Platform - Framework /solaredge-web/ solaredge csrf oob-injection webapps
medium advisory

BookStack 25.12.1 Denial-of-Service Vulnerability

A denial-of-service vulnerability exists in BookStack version 25.12.1, and a public exploit (EDB-52571) is available, increasing the risk to unpatched systems.

BookStack denial-of-service webapps exploit
high threat

Cockpit 359 Remote Code Execution Vulnerability

Cockpit version 359 is vulnerable to remote code execution, and a public exploit is available on Exploit-DB, increasing the risk for unpatched systems.

Cockpit 359 rce webapps exploit
high advisory

ePati Antikor NGFW 2.0.1301 Authentication Bypass Vulnerability

A public exploit has been published for ePati Antikor NGFW 2.0.1301, exploiting an authentication bypass vulnerability, increasing the risk to unpatched systems.

Antikor NGFW 2.0.1301 authentication bypass webapps
critical advisory

Apache HertzBeat 1.8.0 Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Apache HertzBeat 1.8.0, and a newly published exploit for it poses a significant risk to unpatched systems.

HertzBeat 1.8.0 rce apache-hertzbeat exploit webapps
high advisory

Bludit CMS 3.18.4 Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Bludit CMS 3.18.4, for which a public exploit has been published, increasing the risk to unpatched systems.

Bludit CMS 3.18.4 webapps rce bludit
critical threat

LuaJIT 2.1.1774638290 Arbitrary Code Execution Vulnerability

A public exploit has been published for LuaJIT version 2.1.1774638290, enabling arbitrary code execution on vulnerable web applications.

LuaJIT 2.1.1774638290 webapps code-execution luajit
high advisory

Ghost CMS 6.19.0 SQL Injection Vulnerability

A SQL injection vulnerability exists in Ghost CMS 6.19.0, and a public exploit (EDB-52555) is available, increasing the risk to unpatched systems.

Ghost CMS 6.19.0 sqli webapps ghostcms