CVE-2026-44665

A flaw was found in fast-xml-builder, a software component used to create XML documents from JSON data. This vulnerability allows a remote attacker to inject unauthorized attributes into the generated XML or HTML output. By crafting malicious input that includes quotes in attribute values without...

openSUSE 16 Security Update : log4cxx (openSUSE-SU-2026:20705-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20705-1 advisory. Changes in log4cxx: - update to 1.7.0 bsc1261994, CVE-2026-40023: Non-ascii characters incorrectly encoded in JSON output 615 XML output could contain...

SUSE CVE-2026-34480

Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.htmlXmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets producing invalid XML output whenever a log message or M...

Linux Distros Unpatched Vulnerability : CVE-2026-34479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output...

Linux Distros Unpatched Vulnerability : CVE-2026-34480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.htmlXmlLayout , in versions up to and including 2.25.3, fails to sanitize...

Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

Apache Log4j Core's XmlLayout, in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification, producing invalid XML output whenever a log message or MDC value contains such characters. The impact depends on the StAX implementation in use: JRE built-in...

CVE-2026-40023

Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets in log messages, NDC, and MDC property keys and values, producin...

CVE-2026-34479

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

CVE-2026-40023

Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets in log messages, NDC, and MDC property keys and values, producin...

Apache Log4j 安全漏洞

Apache Log4j is an open-source logging tool based on Java, developed by the Apache Foundation in the United States. Versions of Apache Log4j Core 2.25.3 and earlier contain security vulnerabilities. These vulnerabilities stem from XmlLayout failing to clean out characters prohibited by the XML 1....

CVE-2021-32957

A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is...

SharpAppLocker - C# Port Of The Get-AppLockerPolicy PS Cmdlet

C port of the Get-AppLockerPolicy PS cmdlet / | | / \ | | | | \ --.| | / /\ \ | | | | --. \ ' \ / | '| ' | | ' | ' | | / \ / | |/ / \ '| // / | | | | | | | | | | | | | | | | || | | / | /|| ||,|| | ./| |/ ./| ./// ||\|| | | | | | | || || || V1.0.0 - by Flangvik & JeanMaes1994 Usage: -h,...

Flan - A Pretty Sweet Vulnerability Scanner By CloudFlare

Flan Scan is a lightweight network vulnerability scanner. With Flan Scan you can easily find open ports on your network, identify services and their version, and get a list of relevant CVEs affecting your network. Flan Scan is a wrapper over Nmap and the vulners script which turns Nmap into a...

Grouper - A PowerShell script for helping to find vulnerable settings in AD Group Policy

Grouper is a slightly wobbly PowerShell module designed for pentesters and redteamers although probably also useful for sysadmins which sifts through the usually very noisy XML output from the Get-GPOReport cmdlet part of Microsoft's Group Policy module and identifies all the settings defined in...

Find Vulnerable Settings in AD Group Policy: Grouper

Grouper is a slightly wobbly PowerShell module designed for pentesters and redteamers although probably also useful for sysadmins which sifts through the usually very noisy XML output from the Get-GPOReport cmdlet part of Microsoft’s Group Policy module and identifies all the settings defined in...

Vulners Nmap plugin

In previous post about Vulners vulnerability detection plugins for Burp and Google Chrome, I mentioned that it would be great to have a plugin for some free publicly available tool, like Nmap. And guys from the Vulners Team have recently released Nmap plugin. Isn't it awesome? To detect...

NMapGUI - Advanced Graphical User Interface for NMap

NMapGUI is an advanced graphical user interface for NMap network analysis tool. It allows to extend and ease the typical usage of NMap by providen a visual and fast interface with the application. If you have any questions about NMapGUI usage or want to get in contact with me, please visit: Twitt...

[SSLyze v0.6] SSL Server Configuration Scanning Tool

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers. Features SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility...

PDD - Packet Dump Decode Released

PDD - Packet Dump Decode Released PDD is an open-source program created by Srivats.Packet Dump Decode pdd is a simple convenient GUI wrapper around the Wireshark/Ethereal tools to convert packet hexdumps into well formatted xml containing the decoded protocols and protocol contents.You need to...

CVE-2006-1046

server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial of service CPU and memory consumption via a string containing a large number of characters that are escaped when Monopd produces XML output...