Jenkin Audit Trail <=3.2 - Cross-Site Scripting

Jenkins Audit Trail 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. id: CVE-2020-2140 info: name: Jenkin Audit Trail =3.3 which includes a fix for this vulnerability. reference: -...

[SECURITY] Fedora 43 Update: sudo-1.9.17-7.p2.fc43

Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

GHSA-P7MM-R948-4Q3Q Paperclip: Approval decision attribution spoofing via client-controlled `decidedByUserId` in paperclip server

Summary The approval-resolution endpoints POST /approvals/:id/approve, /reject, /request-revision accept a client-supplied decidedByUserId field in the request body and write it verbatim into the authoritative approvals.decidedByUserId column — without cross-checking it against the authenticated...

Paperclip: Approval decision attribution spoofing via client-controlled `decidedByUserId` in paperclip server

Summary The approval-resolution endpoints POST /approvals/:id/approve, /reject, /request-revision accept a client-supplied decidedByUserId field in the request body and write it verbatim into the authoritative approvals.decidedByUserId column — without cross-checking it against the authenticated...

CVE-2026-40021

Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout-list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout-list , in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...

CVE-2026-40021

Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout-list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout-list , in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...

PT-2026-31983

Name of the Vulnerable Software and Affected Versions Apache Log4cxx versions prior to 1.7.0 Description Apache Log4cxx's XMLLayout fails to sanitize characters forbidden by the XML 1.0 specification in log messages, NDC, and MDC property keys and values, resulting in invalid XML output. This can...

PT-2026-29709

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.8.0 Description The PUT /api/v1/subscriber/imsi API endpoint accepts an IMSI identifier from both the URL path and the JSON request body without verifying they match. This allows an authenticated NetworkManager to...

OneUptime 数据伪造问题漏洞

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.34 contained a data manipulation vulnerability. This vulnerability stemmed from the WhatsApp POST webhook processor not verifying the...

How Ceros Gives Security Teams Visibility and Control in Claude Code

Security teams have spent years building identity and access controls for human users and service accounts. But a new category of actor has quietly entered most enterprise environments, and it operates entirely outside those controls. Claude Code, Anthropic's AI coding agent, is now running acros...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the typeSafetyCheckEmail function. An attacker can inject arbitrary log entries and expose sensitive information by submitting specially crafted email addresses containing newline or...

CVE-2026-0695

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...

CVE-2026-0695

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...

CVE-2026-0695

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...

CVE-2026-0695 Stored XSS in Time Entry Audit Trail

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...

PT-2026-3251

Name of the Vulnerable Software and Affected Versions ConnectWise PSA versions prior to 2026.1 Description ConnectWise PSA versions older than 2026.1 may allow stored script code to execute in a user’s browser. This occurs because Time Entry notes stored in the Time Entry Audit Trail are rendered...

ConnectWise PSA security vulnerabilities

ConnectWise PSA is a professional service automation software developed by ConnectWise in the United States. Versions of ConnectWise PSA prior to 2026.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of output encoding for Time Entry notes in the Time Entry Audit...

Network-Vuln

🔍 Network Vulnerability Scanner !Pythonhttps://img.shiel...

EUVD-2011-4499

Malware in sbrugna...

EUVD-2016-7076

Malware in sbrugna...