webversepro 54
- Authentication Bypass – Direct Dashboard Access | Pivot HR
- Cross-Site Scripting (XSS) – Inadequate Input Filter Bypass | Palisade
- Local File Inclusion – Arbitrary File Read | Traverse
- Information Disclosure – Sensitive Resource Exposure via robots.txt | Sundial Observatory
- Information Disclosure – Redirect Debug Comment Exposure | Redirect Run
- Information Disclosure – Sensitive HTML Comment Exposure | Vellichor Press
- Cross-Site Scripting (XSS) – HTML Tag Breakout | Rivet & Tack
- Cross-Site Scripting (XSS) – HTML Comment Breakout | Fermata
- Privilege Escalation – Unsigned Session Token Tampering | Spindrift Workspace
- Privilege Escalation – Client-Side Role Cookie Tampering | Session Swap
- Privilege Escalation – JWT None Algorithm Abuse | Stargate Atlas
- Information Disclosure – Debug Branch Receipt Exposure | Quikpay Receipts
- Weak Credentials – Member Account Compromise | Pinegrass Library Co-op
- Cross-Site Scripting (XSS) – Attribute Breakout | Sandpiper Stationery
- Cross-Site Scripting (XSS) – Reflected Search Injection | Ember Kettle
- Information Disclosure – Client-Side Analytics Exposure | Pebble & Pine
- Unrestricted File Upload – Remote Code Execution | Hollow Run Bedding
- Mass Assignment – Role Escalation | Salt Brook Pilates
- Arbitrary File Read – image Parameter Leading to file:// Injection | Suited
- IDOR – Account Export Data Disclosure | Remittance
- GraphQL Information Disclosure – System Configuration Exposure | Schematic
- SQL Injection & File Upload Abuse – Admin Bypass Leading to RCE | Candy
- SQL Injection – Full Database Extraction via UNION Attack | Versed
- OS Command Injection – Remote Command Execution via Legacy CGI Endpoint | Slash & Sons
- SSRF – Internal Service Discovery Through Monitor Preview Feature | Statuscraft
- X-Forwarded-For Spoofing – Internal Staff Portal Access Control Bypass | Brackish Brewing Co.
- SSRF Blocklist Bypass – Internal File Disclosure via Localhost Filtering Evasion | CutCorner
- Missing Access Control – Unrestricted Staff Portal Exposure | Coltsfoot Community Center
- SQL Injection – Secret Extraction from Internal Logs Console | Vibed
- Sensitive Information Disclosure – Secrets Exposed in Base64 Session Cookie | Cookie Cutter
- Client-Side Price Manipulation – Discount Abuse via Cookie Tampering | Snooker
- Weak Password Reset – Brute Force of 4-Digit Reset Token Leading to Account Takeover | Heartwood Outfitters
- Information Disclosure – Sensitive Debug Header Leakage via Response Metadata | Header Hunt
- Workflow Access Control Bypass – Admin Privilege Escalation | Lazy Human Resources
- Stored XSS – Internal Endpoint Enumeration Through Comment Injection | Crate & Sleeve
- Weak Credentials – Authentication Compromise via Password Brute Force | Halftrack Model Railroad Club
- SQL Injection – Authentication Bypass on Employee Portal | Gatekeeper
- Unrestricted File Upload – Remote Code Execution via PHP Extension Bypass | Crosswind
- SQL Injection to Admin Access – Hidden Identity Exposure | The Caretaker
- IDOR via WebSocket Subscription – Cross-Order Data Exposure | JoyStick
- LDAP Injection – Hidden Registrar Archive Disclosure | Saint Croix University
- GraphQL BOLA via Introspection & Insecure Resolver Access | Slate Quarry
- Command Injection & Broken Function Level Authorization | NewsForge
- Local File Inclusion via PHP Stream Wrappers | DocketHive
- Mass Assignment Leading to Admin Account Creation | Trellis
- JWT Secret Cracking & Privilege Escalation via Forged Tokens | Tally
- XXE Injection – Arbitrary File Disclosure via XML Import | Holloway
- Server-Side Template Injection Leading to Remote Code Execution | Outbox
- Local File Inclusion (LFI) to Sensitive File Disclosure | Mapleton
- NoSQL Injection Authentication Bypass – Admin Panel Access | SnickerDoodle
- IDOR in Order Access – Unauthorized Order Data Exposure | Hartwood
- JWT alg:none Authentication Bypass to Admin Access | EverGreen
- UUID-Based IDOR Through Member API | Apex
- Jinja2 SSTI to Remote Code Execution | SunnySide