105 matches found
March 2, 2026—KB5082314 (OS Build 20348.4776) Out-of-band
March 2, 2026—KB5082314 OS Build 20348.4776 Out-of-band This out-of-band update for Windows Server 2022 KB5082314 is cumulative. It includes updates from previous security updates, along with an additional fix. To learn more about differences between security updates, optional non-security previe...
core-devoops (>=0.0.1 <=0.0.2), flask-adfs (>=0.1.9 <=0.1.19) +2 more potentially affected by CVE-2024-29370 via python-jose (>=1.3.2 <=1.4.0)
python-jose PYPI version =1.3.2, =0.0.1, =0.1.9, =0.5.1, =0.3.2, =0.3.3 Source cves: CVE-2024-29370 Source advisory: OSV:PYSEC-2025-185...
EUVD-2020-2309
Malware in sbrugna...
EUVD-2019-13127
Malware in sbrugna...
EUVD-2009-2503
Malware in sbrugna...
EUVD-2018-8594
Malware in sbrugna...
EUVD-2017-0526
Malware in sbrugna...
EUVD-2022-52430
Malicious code in bioql PyPI...
CVE-2019-0975
A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses. This security...
CVE-2022-30584
Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases...
Hackers Using Fake Microsoft ADFS Login Pages to Steal Credentials
A global phishing campaign is actively exploiting a legacy Microsoft authentication system to steal user credentials and bypass multi-factor authentication (MFA), targeting over 150 organizations...
CVE-2023-49111
For Kiuwan installations with SSO (single sign-on) enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible due to the request parameter "message" values being directly included in a JavaScript block in the response. This is...
CVE-2023-49111
CVE-2023-49111 describes an unauthenticated reflected cross-site scripting vulnerability in Kiuwan SAST deployments with SSO enabled. The issue arises because the login page’s JavaScript block directly includes the request parameter “message,” enabling an attacker to inject script via the paramet...
CVE-2023-49111 Reflected Cross-Site-Scripting in Kiuwan SAST
For Kiuwan installations with SSO (single sign-on) enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible due to the request parameter "message" values being directly included in a JavaScript block in the response. This is...
Rotate the Citrix Cloud SAML signing certificate used by ADFS relying party trust
On ADFS server -- Click on Event Viewer -- Applications -- ADFS -- Admin -- search for the error log at the time-stamp you replicated the login. If you see the following error in the ADFS event logs: Error: "Encountered error during federation passive request. Additional Data Protocol Name: Saml...
July 19, 2022—KB5015879 (OS Build 20348.859) Preview
July 19, 2022—KB5015879 OS Build 20348.859 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out...
Msprobe - Finding All Things On-Prem Microsoft For Password Spraying And Enumeration
Finding all things on-prem Microsoft for password spraying and enumeration. The tool will use a list of common subdomains associated with your target apex domain to attempt to discover valid instances of on-prem Microsoft solutions. Screenshots of the tool in action are below: Installing Install...
Improper access control
Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases...