1. Critical Security Flaw: Plaintext Passwords & NoSQL Injection Expose Full User Database
A critical vulnerability in a web application's authentication stack allows unauthenticated remote attackers to bypass login entirely and harvest every user's credentials in plaintext. The flaw, rated a maximum CVSS score of 9.8, stems from two root-cause issues in the codebase: plaintext password storage and a NoSQL i...
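
The two root causes named above, handled on the defensive side in an added example that is not the affected application's code: credentials from a decoded JSON body are accepted only as plain strings, so an operator object never reaches the query layer, and only a salted scrypt digest is stored. The in-memory `USERS` store, the function names and the scrypt parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed in-memory stand-in for the user collection (assumption: the
# real application queries a document database with JSON-derived filters).
USERS = {}

# Assumed work factors; tune to the hardware the service runs on.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)


def hash_password(password, salt=None):
    """Return the record to store: a per-user salt and scrypt digest, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return {"salt": salt, "digest": digest}


def register(username, password):
    USERS[username] = hash_password(password)


def require_str(value, field):
    """Reject anything that is not a plain string, such as a decoded JSON
    object that a document-database driver would interpret as a query operator."""
    if not isinstance(value, str) or not value:
        raise ValueError(f"{field} must be a non-empty string")
    return value


def login(body):
    """Verify credentials taken from a decoded JSON request body (a dict)."""
    try:
        username = require_str(body.get("username"), "username")
        password = require_str(body.get("password"), "password")
    except ValueError:
        return False
    record = USERS.get(username)  # exact-match lookup on a validated string
    if record is None:
        # Hash anyway so unknown users cost about as much as known ones.
        hash_password(password, salt=b"\x00" * 16)
        return False
    candidate = hash_password(password, record["salt"])["digest"]
    return hmac.compare_digest(candidate, record["digest"])
```
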