Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
22 articles

#Web Application

All CosmicBytez Labs articles tagged #Web Application, across news, security advisories, how-to guides, and projects.

  • SecurityJul 12, 2026

    CVE-2026-15488: Unrestricted File Upload in shiroiAdmin Enables Remote Code Execution

    A high-severity unrestricted file upload vulnerability in shiroiAdmin versions 1.1 and 1.3 allows unauthenticated remote attackers to upload PHP webshells and achieve remote code execution.

  • SecurityJul 10, 2026

    CVE-2026-2342: ValeApp Stored Cross-Site Scripting (CVSS 9.3)

    A critical stored XSS vulnerability in OceanicSoft's ValeApp allows attackers to inject persistent JavaScript payloads that execute in every victim's...

  • SecurityJul 6, 2026

    CVE-2024-6228: WordPress WANotifier Plugin Local File Inclusion

    A local file inclusion vulnerability in the WANotifier WordPress plugin (before v2.6) allows any authenticated subscriber-level user to include and...

  • SecurityJul 6, 2026

    CVE-2026-14770: SQL Injection in SourceCodester Class and Exam Timetabling System

    A high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows remote attackers to manipulate backend database...

  • SecurityJun 28, 2026

    CVE-2026-13485: SQL Injection in SourceCodester Class and Exam Timetabling System

    A high-severity SQL injection vulnerability in SourceCodester's Class and Exam Timetabling System 1.0 allows unauthenticated remote attackers to...

  • SecurityJun 28, 2026

    CVE-2026-13486: SQL Injection in SourceCodester Class and Exam Timetabling System (preview6.php)

    A second high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 targets /preview6.php via the...

  • SecurityJun 6, 2026

    CVE-2026-11334: SQL Injection in College Management System

    A high-severity SQL injection vulnerability (CVSS 7.3) in CollegeManagementSystem allows attackers to manipulate the department_code parameter in…

  • SecurityJun 2, 2026

    CVE-2026-10263: SQL Injection in SourceCodester Computer Repair Shop Management System

    A CVSS 7.3 SQL injection vulnerability in SourceCodester's Computer Repair Shop Management System v1.0 allows remote attackers to extract sensitive data via…

  • SecurityMay 30, 2026

    CVE-2026-10110: SQL Injection in Student Details Management System 1.0

    A remotely exploitable SQL injection vulnerability in code-projects Student Details Management System 1.0 allows attackers to manipulate database queries...

  • SecurityMay 26, 2026

    CVE-2018-25362: Twitter-Clone SQL Injection via follow.php

    Twitter-Clone 1 contains a high-severity SQL injection vulnerability in follow.php that allows attackers to extract sensitive database information through.

  • SecurityMay 26, 2026

    CVE-2026-9525: SQL Injection in itsourcecode Electronic

    A remotely exploitable SQL injection vulnerability in the admin panel of itsourcecode Electronic Judging System 1.0 allows attackers to manipulate database.

  • NewsMay 21, 2026

    Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites

    Drupal has released emergency security updates for CVE-2026-9082, a highly critical vulnerability in Drupal Core that allows remote code execution,...

  • SecurityMay 9, 2026

    CVE-2026-37431: Beauty Parlour Management System SQL

    A critical unauthenticated SQL injection vulnerability in Beauty Parlour Management System v1.1 allows attackers to dump the entire backend database via a...

  • SecurityApr 28, 2026

    CVE-2026-41462: ProjeQtor Unauthenticated SQL Injection in Login

    A critical unauthenticated SQL injection vulnerability in ProjeQtor project management software allows attackers to inject arbitrary SQL via the login...

  • SecurityApr 26, 2026

    CVE-2026-7002: SQL Injection in KLiK SocialMediaWebsite

    CVE-2026-7002 is a CVSS 7.3 SQL injection vulnerability in KLiK SocialMediaWebsite up to version 1.0.1, exploitable remotely via the c_id parameter in the...

  • SecurityApr 24, 2026

    SocialEngine Unauthenticated SQL Injection via Activity

    A critical SQL injection vulnerability in SocialEngine versions 7.8.0 and prior allows unauthenticated remote attackers to execute arbitrary SQL queries...

  • SecurityApr 21, 2026

    CVE-2026-39918: Vvveb CMS Unauthenticated PHP Code

    Vvveb CMS versions prior to 1.0.8.1 allow unauthenticated attackers to inject arbitrary PHP code through the installation endpoint's unsanitized subdir...

  • SecurityApr 18, 2026

    CVE-2026-37749: SQL Injection Auth Bypass in CodeAstro

    A critical SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows unauthenticated remote attackers to bypass login...

  • SecurityApr 7, 2026

    CVE-2026-5637: SQL Injection in projectworlds Car Rental

    A remotely exploitable SQL injection vulnerability (CVE-2026-5637) has been disclosed in projectworlds Car Rental System 1.0. The flaw exists in...

  • SecurityApr 5, 2026

    CVE-2026-5534 — SQL Injection in itsourcecode Online

    A high-severity SQL injection vulnerability in itsourcecode Online Enrollment System 1.0 allows remote unauthenticated attackers to manipulate the USERID...

  • SecurityApr 5, 2026

    CVE-2026-5540 — SQL Injection in code-projects Simple

    A high-severity SQL injection vulnerability in code-projects Simple Laundry System 1.0 allows remote unauthenticated attackers to manipulate the firstName...

  • SecurityFeb 6, 2026

    Apache Struts Critical RCE via OGNL Injection Returns

    A new critical OGNL injection vulnerability in Apache Struts allows unauthenticated remote code execution, reminiscent of the 2017 Equifax breach vector....