36 articles

#Web Security

All CosmicBytez Labs articles tagged #Web Security, across news, security advisories, how-to guides, and projects.

  • News | May 31, 2026

    WP Maps Pro Bug Exploited to Create Admin Accounts on WordPress Sites

    Hackers are actively exploiting a critical vulnerability in the WP Maps Pro WordPress plugin that allows unauthenticated attackers to create rogue administrator accounts, granting full site control without any login.

  • Security | May 31, 2026

    CVE-2018-25405: Multiple SQL Injections in eNdonesia Portal 8.7

    Multiple unauthenticated SQL injection vulnerabilities in eNdonesia Portal 8.7 allow attackers to extract sensitive database contents via the artid, cid,...

  • Security | May 31, 2026

    CVE-2018-25406: SQL Injection Across eNdonesia Portal 8.7 Modules

    Multiple unauthenticated SQL injection vulnerabilities in eNdonesia Portal 8.7 expose the publisher, artikel, and info modules to database extraction...

  • Security | May 31, 2026

    CVE-2018-25411: SQL Injection in MGB OpenSource Guestbook 0.7.0.2

    An unauthenticated SQL injection vulnerability in MGB OpenSource Guestbook 0.7.0.2 allows attackers to extract sensitive database contents via the 'id'...

  • Security | May 31, 2026

    CVE-2018-25412: Arbitrary File Upload RCE in Delta Sql 1.8.2

    A critical unauthenticated arbitrary file upload vulnerability in Delta Sql 1.8.2 allows attackers to upload malicious PHP files and achieve remote code...

  • Security | May 31, 2026

    CVE-2026-10178: SQL Injection in Online Music Site 1.0 Admin Panel

    A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Online Music Site 1.0, affecting the Administrator PHP AdminEditAlbum endpoint. A public exploit is available and no patch exists.

  • Security | May 30, 2026

    CVE-2026-7465: RCE in Spectra Gutenberg Blocks WordPress Plugin (CVSS 8.8)

    A high-severity remote code execution vulnerability in the Spectra Gutenberg Blocks plugin for WordPress allows authenticated Contributor-level attackers...

  • Security | May 19, 2026

    CVE-2025-15609: Fortis for WooCommerce Plugin Leaks API

    The Fortis for WooCommerce WordPress plugin before version 1.3.1 exposes sensitive API keys to unauthenticated attackers, enabling unauthorized access to...

  • Security | May 18, 2026

    CVE-2026-8785: SQL Injection in Hospital Management System

    A high-severity SQL injection vulnerability (CVE-2026-8785, CVSS 7.3) has been disclosed in projectworlds Hospital Management System in PHP 1.0, allowing...

  • News | May 15, 2026

    Avada Builder WordPress Plugin Flaws Allow Site Credential

    Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files...

  • Security | May 12, 2026

    CVE-2025-61311: Reflected XSS in docuForm Managed Print

    A reflected cross-site scripting vulnerability in the dfm-menu_alerts.php component of GmbH Mecury docuForm v11.11c allows attackers to execute arbitrary...

  • Security | May 3, 2026

    CVE-2026-5324: WordPress Brizy Page Builder Unauthenticated

    The Brizy Page Builder plugin for WordPress contains a critical unauthenticated Stored Cross-Site Scripting flaw in versions up to 2.8.11, enabling...

  • Security | Apr 28, 2026

    CVE-2026-7224: SQL Injection in Pizzafy Ecommerce System 1.0

    A high-severity SQL injection vulnerability has been discovered in SourceCodester Pizzafy Ecommerce System 1.0, allowing remote attackers to manipulate...

  • Security | Apr 27, 2026

    CVE-2026-7077: SQL Injection in itsourcecode Courier

    A remotely exploitable SQL injection vulnerability has been disclosed in itsourcecode Courier Management System 1.0, affecting the edit_parcel.php file...

  • News | Apr 23, 2026

    Hackers Actively Exploiting Breeze Cache File Upload Bug in

    Threat actors are mass-exploiting a critical unauthenticated file upload vulnerability in the Breeze Cache WordPress plugin, uploading PHP webshells to...

  • Security | Apr 23, 2026

    CVE-2026-3844 — Breeze Cache WordPress Plugin

    A critical unauthenticated file upload vulnerability in the Breeze Cache WordPress plugin allows attackers to upload arbitrary files to affected servers...

  • Security | Apr 20, 2026

    CVE-2026-6595: SQL Injection in ProjectsAndPrograms School

    A medium-severity SQL injection vulnerability has been disclosed in ProjectsAndPrograms School Management System, allowing remote attackers to manipulate...

  • Security | Apr 10, 2026

    CVE-2026-6004: SQL Injection in code-projects Simple IT

    A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Simple IT Discussion Forum 1.0, affecting the /delete-category.php...

  • Security | Apr 6, 2026

    CVE-2026-5554: SQL Injection in Concert Ticket Reservation

    A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Concert Ticket Reservation System 1.0, affecting the...

  • Security | Apr 6, 2026

    CVE-2026-5555: SQL Injection in Concert Ticket Reservation

    An unauthenticated SQL injection vulnerability has been disclosed in code-projects Concert Ticket Reservation System 1.0, affecting the login.php file via...

  • Security | Apr 6, 2026

    CVE-2026-5575: SQL Injection in SourceCodester Record

    A remotely exploitable SQL injection vulnerability has been disclosed in SourceCodester/jkev Record Management System 1.0, affecting the Login page's...

  • Security | Apr 5, 2026

    CVE-2026-5551: SQL Injection in itsourcecode Free Hotel

    A remotely exploitable SQL injection vulnerability has been disclosed in itsourcecode Free Hotel Reservation System 1.0, affecting the login page's email...

  • Security | Mar 29, 2026

    CVE-2026-5017: SQL Injection in code-projects Simple Food

    A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Simple Food Order System 1.0, affecting the /all-tickets.php file...

  • Security | Mar 29, 2026

    CVE-2026-5018: SQL Injection in code-projects Simple Food

    A remotely exploitable SQL injection vulnerability exists in code-projects Simple Food Order System 1.0, where the Name parameter in register-router.php...

  • Security | Mar 29, 2026

    CVE-2026-5019: SQL Injection in code-projects Simple Food

    A SQL injection vulnerability has been disclosed in code-projects Simple Food Order System 1.0, where the Status parameter in all-orders.php enables...

  • Security | Mar 29, 2026

    CVE-2026-5033: SQL Injection in code-projects Accounting

    A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Accounting System 1.0, where the cos_id parameter in...

  • Security | Mar 29, 2026

    CVE-2026-5034: SQL Injection in code-projects Accounting

    A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Accounting System 1.0, allowing unauthenticated attackers to...

  • Security | Mar 17, 2026

    CVE-2015-20118: Stored XSS in RealtyScript 4.0.2 Admin

    A stored cross-site scripting vulnerability in RealtyScript 4.0.2 allows attackers to inject malicious JavaScript via the location_name parameter in the...

  • News | Mar 14, 2026

    AppsFlyer Web SDK Supply Chain Attack Spread

    Attackers hijacked AppsFlyer's CDN domain via a registrar incident, serving a sophisticated 170 KB crypto-stealing JavaScript payload to every site...

  • Security | Mar 9, 2026

    CVE-2026-3730: SQL Injection in itsourcecode Free Hotel

    A remotely exploitable SQL injection vulnerability has been disclosed in itsourcecode Free Hotel Reservation System 1.0, affecting the amenities admin...

  • Security | Mar 9, 2026

    CVE-2026-3734: Improper Authorization in SourceCodester

    A remotely exploitable improper authorization vulnerability has been disclosed in SourceCodester Client Database Management System 1.0, allowing...

  • Security | Mar 9, 2026

    CVE-2026-3740: SQL Injection in itsourcecode University

    A high-severity SQL injection vulnerability has been disclosed in itsourcecode University Management System 1.0, allowing remote attackers to execute...

  • Security | Mar 7, 2026

    CVE-2018-25165: SQL Injection Vulnerability Disclosed in

    A SQL injection vulnerability in Galaxy Forces MMORPG version 0.5.8 has been formally catalogued by NVD, enabling authenticated attackers to extract...

  • Security | Feb 12, 2026

    Critical RCE in WPvivid Backup Plugin Threatens 900,000+

    A critical unauthenticated arbitrary file upload vulnerability in the WPvivid Backup & Migration plugin allows remote code execution on over 900,000...

  • Security | Feb 5, 2026

    NGINX TLS Vulnerability Enables Man-in-the-Middle Attacks

    CVE-2026-1642 affects NGINX OSS and Plus when proxying to upstream TLS servers, allowing attackers to inject plaintext data into responses.

  • Security | Jan 25, 2026

    WordPress Plugin Vulnerability (CVSS 10.0) Under Active

    Maximum severity flaw in Modular DS WordPress plugin allows unauthenticated privilege escalation. All versions through 2.5.1 affected with active...