Security Risk Category

web-application Security Risks

Published vulnerability pages connected to web-application. One risk can appear in multiple categories while keeping one canonical page.

web-application risks

Showing 6 of 6 published risks.

criticalEPSS 0.004

ValeApp Stored Cross-Site Scripting Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OceanicSoft Informatics Systems Ltd. ValeApp allows Stored XSS. This issue affects ValeApp: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2342valeappstored-xssweb-application

Updated Jul 10, 2026

mediumEPSS 0.002

HCL DevOps Deploy Permissive CORS Vulnerability

HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.

CVE-2026-56458hcl-devops-deploycorsinformation-disclosureweb-application

Updated Jul 10, 2026

mediumEPSS 0.003

BiEticaret Reflected Cross-Site Scripting Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Inrove Software and Internet Services BiEticaret allows Reflected XSS. This issue affects BiEticaret: before v3.3.57.

CVE-2026-5793bieticaretreflected-xssweb-application

Updated Jul 10, 2026

criticalEPSS 0.004

BiEticaret SQL Injection Vulnerability

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Inrove Software and Internet Services BiEticaret allows SQL Injection. This issue affects BiEticaret: before v3.3.57.

CVE-2026-5955bieticaretsql-injectionweb-application

Updated Jul 10, 2026

high

SOPlanning Audit Retention SQL Injection Vulnerability

SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parameters_all rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed (by the attacker or another user). This issue was fixed in version 1.56.01.

CVE-2026-50644soplanningphpsql-injectionweb-application

Updated Jul 10, 2026

medium

OKRs & Goals Stored Cross-Site Scripting Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Stored XSS. This issue affects OKRs & Goals: from 28220 before 28398.

CVE-2026-5005xssweb-applicationokrs-and-goals

Updated Jul 10, 2026