Web Application Security

Data Privacy and Cybersecurity Challenges in Smart Construction Platforms

News

Data Privacy and Cybersecurity Challenges in Smart Construction Platforms

As digital transformation accelerates across industries, smart construction platforms and intelligent buildings are becoming prime targets for...

Indonesian E-Learning Platform Reportedly Targeted in Cybersecurity Incident

News

Indonesian E-Learning Platform Reportedly Targeted in Cybersecurity Incident

Reports indicate that a prominent Indonesian educational technology platform may have been the target of a cybersecurity...

Critical Next.js Authentication Bypass Vulnerability Patched (CVE-2025-XXXX)

CVE News

Critical Next.js Authentication Bypass Vulnerability Patched (CVE-2025-XXXX)

Vercel has resolved a significant security flaw in Next.js middleware authentication, which could have allowed attackers to...

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2726) Puts Networks at Risk

CVE News

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2726) Puts Networks at Risk

A newly discovered critical vulnerability (CVE-2025-2726) affecting multiple H3C Magic series routers allows remote attackers to execute...

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

CVE News

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

A critical security vulnerability affecting multiple H3C Magic series routers has been identified, allowing remote attackers to...

Mass-Assigner: Automated Tool for Detecting Mass Assignment Vulnerabilities in Web APIs

Security Tools & Research

Mass-Assigner: Automated Tool for Detecting Mass Assignment Vulnerabilities in Web APIs

Mass-Assigner is a newly released open-source security tool that helps organizations identify mass assignment vulnerabilities in web...

Web Application Penetration Testing: Key Methodologies and Tools for Enterprise Security

News

Web Application Penetration Testing: Key Methodologies and Tools for Enterprise Security

In today’s digital landscape where web applications form the core of business operations, penetration testing has become...

How to Fix Azure AD Error “AADSTS700054”: Enabling ID Token Response for Applications

News

How to Fix Azure AD Error “AADSTS700054”: Enabling ID Token Response for Applications

When integrating applications with Microsoft Azure, administrators may encounter the error “AADSTS700054: response_type ‘id_token’ is not enabled...

ASCII Smuggling: The Invisible Threat Targeting Enterprise AI Systems

News

ASCII Smuggling: The Invisible Threat Targeting Enterprise AI Systems

Large Language Models (LLMs) are increasingly integrated into enterprise workflows, but a new attack vector—ASCII smuggling—exploits Unicode’s...

CVE-2025-2609 – MagnusSolution MagnusBilling Cross-Site Scripting Vulnerability

Bug Bounties & Responsible Disclosure
Cyber Laws & Regulations
Exploitation
Malware Analysis
Red-Team
SIEM & Detection Engineering

CVE-2025-2609 – MagnusSolution MagnusBilling Cross-Site Scripting Vulnerability

A critical vulnerability, CVE-2025-2609, has been identified in MagnusSolution’s MagnusBilling software, a widely used billing and call...

CVE-2025-0628 – BerriAI Litellm Privilege Escalation Vulnerability

Exploitation

CVE-2025-0628 – BerriAI Litellm Privilege Escalation Vulnerability

A critical privilege escalation vulnerability, CVE-2025-0628, has been identified in the BerriAI/litellm application. This flaw allows users...

CVE-2024-9701 – Kedro ShelveStore Remote Code Execution Vulnerability

Exploitation

CVE-2024-9701 – Kedro ShelveStore Remote Code Execution Vulnerability

A critical vulnerability, CVE-2024-9701, has been identified in the Kedro ShelveStore class (version 0.19.8), a component of...

CVE-2024-9919 – Parisneo Lollms Webui Missing Authentication Check Directory Traversal Vulnerability

Exploitation

CVE-2024-9919 – Parisneo Lollms Webui Missing Authentication Check Directory Traversal Vulnerability

A high-severity vulnerability, CVE-2024-9919, has been identified in the parisneo/lollms-webui software, specifically in version V13. This vulnerability...

CVE-2025-2303 – Block Logic – WordPress Full Gutenberg Block Display Control Remote Code Execution

Exploitation

CVE-2025-2303 – Block Logic – WordPress Full Gutenberg Block Display Control Remote Code Execution

TL;DR CVE-2025-2303: A critical vulnerability in the Block Logic WordPress plugin allows authenticated attackers with Contributor-level access...

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

Exploitation

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

TL;DR CVE-2024-9880: A high-severity command injection vulnerability in Apache Pandas’ DataFrame.query function. Affected Versions: All versions up...

CVE-2025-0452 – Eosphoros-ai DB-GPT Windows File Deletion Vulnerability

Exploitation

CVE-2025-0452 – Eosphoros-ai DB-GPT Windows File Deletion Vulnerability

A newly disclosed vulnerability, CVE-2025-0452, has been identified in the latest version of eosphoros-ai/DB-GPT, a popular database...

CVE-2025-23120 – Veeam Backup & Replication RCE Vulnerability

Exploitation

CVE-2025-23120 – Veeam Backup & Replication RCE Vulnerability

TL;DR CVE-2025-23120: A critical remote code execution (RCE) vulnerability in Veeam Backup & Replication. Severity: 9.9 (CRITICAL)...

CVE-2025-30472 – Corosync Stack-Based Buffer Overflow Vulnerability

News

CVE-2025-30472 – Corosync Stack-Based Buffer Overflow Vulnerability

TL;DR CVE-2025-30472: A critical stack-based buffer overflow vulnerability in Corosync (up to version 3.1.9). Severity: Rated 9.0...

Microsoft Trust Signing Service Abused to Code-Sign Malware

APT-News

Microsoft Trust Signing Service Abused to Code-Sign Malware

In a concerning development, cybercriminals have been abusing Microsoft’s Trusted Signing platform to code-sign malware executables with...

Exploiting CVE-2025-29927: A Red-Teamer’s Guide to Next.js Middleware Bypass

Exploitation

Exploiting CVE-2025-29927: A Red-Teamer’s Guide to Next.js Middleware Bypass

Next.js middleware, a cornerstone of modern web applications, faces a critical security threat. CVE-2025-29927 exposes a severe...

Posts pagination

1 2 Next

Web Application Security

Indonesian E-Learning Platform Reportedly Targeted in Cybersecurity Incident

Critical Next.js Authentication Bypass Vulnerability Patched (CVE-2025-XXXX)

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2726) Puts Networks at Risk

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

Mass-Assigner: Automated Tool for Detecting Mass Assignment Vulnerabilities in Web APIs

Web Application Penetration Testing: Key Methodologies and Tools for Enterprise Security

How to Fix Azure AD Error “AADSTS700054”: Enabling ID Token Response for Applications

ASCII Smuggling: The Invisible Threat Targeting Enterprise AI Systems

CVE-2025-2609 – MagnusSolution MagnusBilling Cross-Site Scripting Vulnerability

CVE-2025-0628 – BerriAI Litellm Privilege Escalation Vulnerability

CVE-2024-9701 – Kedro ShelveStore Remote Code Execution Vulnerability

CVE-2024-9919 – Parisneo Lollms Webui Missing Authentication Check Directory Traversal Vulnerability

CVE-2025-2303 – Block Logic – WordPress Full Gutenberg Block Display Control Remote Code Execution

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

CVE-2025-0452 – Eosphoros-ai DB-GPT Windows File Deletion Vulnerability

CVE-2025-23120 – Veeam Backup & Replication RCE Vulnerability

CVE-2025-30472 – Corosync Stack-Based Buffer Overflow Vulnerability

Microsoft Trust Signing Service Abused to Code-Sign Malware

Exploiting CVE-2025-29927: A Red-Teamer’s Guide to Next.js Middleware Bypass

You may have missed

YesWiki Path Traversal Vulnerability (CVE-2025-31131): Technical Analysis and Mitigation

Critical SQL Injection Vulnerability in Next-Cart Store to WooCommerce Migration Plugin (CVE-2025-30807)

WpTravelly Plugin Vulnerability Exposes WordPress Sites to Object Injection Attacks

Critical SQL Injection Vulnerability in WooCommerce Order Splitter Plugin (CVE-2025-31089)