webverselabs-pro 23

• Unrestricted File Upload Leads to Remote Code Execution | Calliope Gallery Jun 9, 2026
• XXE Injection via Envelope Import Leads to Arbitrary File Read | Foldmark Jun 9, 2026
• Local File Inclusion via Template Router | CostThis Jun 9, 2026
• IDOR in Password Reset API Leads to Administrator Account Takeover | TheForms Jun 8, 2026
• JWT Algorithm Confusion Leads to Privilege Escalation | Halftone Studio Jun 8, 2026
• Password Change IDOR Leads to Administrator Account Takeover | Noted Jun 7, 2026
• NoSQL Injection Leads to Treasury Account Takeover | Coined Jun 7, 2026
• Multi-Step Access Control Bypass Leads to Administrative Compromise | Tamper Temple Jun 6, 2026
• Local File Inclusion via Language Cookie Leads to Arbitrary File Read | Flagged Jun 4, 2026
• Exposed Git Repository Leads to Administrative Credential Disclosure | Fault Banking Jun 4, 2026
• NoSQL Injection via Search Filter Object Leads to Hidden Rental Disclosure | SwiftSearch Hotels Jun 3, 2026
• GraphQL Role Parameter Abuse Leads to Restricted Medical Note Disclosure | Clearance Jun 3, 2026
• SQL Injection in Voucher Search Leads to Executive Voucher Disclosure | Voucher Vault Jun 2, 2026
• SQL Injection via Issue Identifier Parameter | Trace Control Jun 2, 2026
• OS Command Injection via Archive Export Filename | Parchive Jun 1, 2026
• IDOR – Unauthorized Grant Approval via Workflow Manipulation | Briarcliff Foundation Jun 1, 2026
• Next.js Middleware Authorization Bypass (CVE-2025-29927) | BugVault Jun 1, 2026
• Authentication Bypass via Forged Remember-Me Cookie | Skein May 31, 2026
• NoSQL Injection Authentication Bypass | Herbalist Remedies May 28, 2026
• Exposed Git Repository Information Disclosure | Loop & Roam Records May 27, 2026
• Default Credentials Authentication Weakness | Lake Forks Permits May 27, 2026
• Local File Inclusion via Double URL Encoding | Mirage May 27, 2026
• OS Command Injection in Network Diagnostics | Netcheck May 23, 2026