This page collects WhisperX intelligence signals tagged #web-app. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical cross-site scripting (XSS) vulnerability has been reported in the latest version of GCHQ's CyberChef, a widely used web-based cybersecurity tool. The flaw, located in the `OffsetChecker.mjs` module, allows an attacker to inject and execute arbitrary JavaScript code by supplying a malicious payload to the `sa...
A comprehensive security remediation effort has been completed for a Next.js application, addressing multiple critical vulnerabilities that exposed the platform to potential attacks. The update patches five specific CVEs in the core Next.js framework, including a CSRF bypass, HTTP request smuggling, and denial-of-servi...
A critical authentication bypass flaw in the Observal application allows unauthenticated users to gain full access to its protected dashboard and internal pages. The vulnerability is triggered by a simple URL manipulation: removing the `/login` path from the application's address. This exposes the primary dashboard, th...