VulWall Knowledge Base

Practical Security Guides For Your Team

Clear, non-alarmist guidance for real web vulnerabilities so your team can prioritize fixes confidently.

5 articles on this page 217 security topics

Browse Articles

Filter by topic, then open any article for business and technical remediation guidance.

All topics mitm GHSA-7wwv-vh3v-89cq access-control ajax algorithm-downgrade angularjs api api-security authentication-bypass availability axios

Expired Security Certificate Is Blocking Visitors and Breaking Trust

immediate

Your website's security certificate has expired. Think of it like an ID badge with a past-due date — browsers check this badge every time someone visits, and when it's expired, they show a full-screen warning telling visitors your site is unsafe. Most people will leave immediately rather than click through.

Exploitable Effort: small
ssl tls certificate https +3
5 min read Mar 15, 2026

Your Website's Security Certificate Isn't Trusted by Browsers

high

Your server is using a self-signed security certificate — one that you (or your server) created yourself, rather than one issued by a trusted authority. Browsers treat this the same way they'd treat a badge someone printed at home: it might look official, but there's no independent body vouching for it. Visitors to your site will see a security warning, and some browsers may block access entirely.

Exploitable Effort: small
ssl tls self-signed certificate +3
5 min read Mar 14, 2026

SSH Server Uses Encryption Settings Vulnerable to Connection Downgrade

medium

Your server's SSH service — the secure tunnel used for remote administration — is configured with encryption options that have a known flaw. An attacker positioned between your server and a connecting administrator (for example, on the same network) could quietly weaken that tunnel during the initial handshake, potentially stripping away some security protections before either side notices. Think of it like a tampered lock that looks fine from the outside but is slightly easier to pick.

Exploitable Effort: small
cve cve-2023-48795 ssh openssh +6
5 min read Feb 18, 2026

Your Website Accepts Unencrypted Connections — Here's What to Fix

medium

Your website can be visited over plain HTTP (unencrypted), and it doesn't automatically send visitors to the secure HTTPS version. Any user who lands on an HTTP link — from an old email, a bookmark, or a mistyped URL — will have their connection left unprotected. Think of it like a shop that has a secure back entrance but leaves the front door unlocked with no sign pointing visitors to the right way in.

Exploitable Effort: small
https http-redirect hsts tls +4
5 min read Feb 18, 2026

Missing Security Header Leaves Connections Vulnerable to Interception

high

Your website is missing a small but important instruction it should send to browsers — one that tells them to always use a secure, encrypted connection. Without it, browsers may occasionally connect over an unencrypted channel, and there is no browser-level safeguard to prevent that from happening. Think of it like a lock on your front door: your HTTPS certificate is the lock, but this header is the sign that tells visitors to always use the locked entrance.

Exploitable Effort: trivial
hsts http-headers ssl-stripping mitm +3
5 min read Feb 18, 2026