CVE-2026-27099

Jenkins CVE-2026-27099 affects Jenkins versions 2.483–2.550 (and LTS 2.492.1–2.541.1) where the description for the “Mark temporarily offline” offline cause is not escaped, causing stored cross-site scripting (XSS). The vulnerability can be exploited by attackers with Agent/Configure or Agent/Dis...

PT-2026-20433

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.483 through 2.550 Jenkins LTS versions 2.492.1 through 2.541.1 Description The application does not properly sanitize user-supplied data within the description field of the "Mark temporarily offline" functionality. This can...

Jenkins 安全漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Vulnerabilities existed in Jenkins versions 2.483 to 2.550, as well as in LTS versions 2.492.1 to...

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-3669 / CVE-2026-27099 Stored XSS vulnerability in node offline cause description Medium SECURITY-3658 / CVE-2026-27100 Build information disclosure vulnerability through Run Parameter...

CVE-2026-26219

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

CVE-2026-26219

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

CVE-2026-26219

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

CVE-2026-26219 newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

CVE-2026-26219

CVE-2026-26219 affects newbee-mall stores that hash passwords using unsalted MD5 without per-user salts or computational cost controls. Root cause: MD5 hashing without salt enables offline credential cracking if password hashes are exposed. Impact: high confidentiality and integrity risk; plainte...

CVE-2026-26219 newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

CVE-2026-26219

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

newbee-mall 加密问题漏洞

newbee-mall is an e-commerce system developed by newbee with open source. newbee-mall has encryption-related vulnerabilities; these vulnerabilities stem from the use of the unsalted MD5 hash algorithm for storing and verifying user passwords. This allows attackers to quickly recover plaintext...

PT-2026-7888

Name of the Vulnerable Software and Affected Versions newbee-mall affected versions not specified Description The software stores and verifies user passwords using an unsalted MD5 hashing algorithm. This implementation lacks per-user salts and computational cost controls. Attackers obtaining...

[SECURITY] Fedora 42 Update: rust-tealdeer-1.7.2-4.fc42

Fetch and show tldr help pages for many CLI commands. Full featured offline client with caching support...

[SECURITY] Fedora 43 Update: rust-tealdeer-1.7.2-4.fc43

Fetch and show tldr help pages for many CLI commands. Full featured offline client with caching support...

The Role of Learning in Attacking Intrusion Detection Systems

Recent work on network attacks have demonstrated that ML-based network intrusion detection systems NIDS can be evaded with adversarial perturbations. However, these attacks rely on complex optimizations that have large computational overheads, making them impractical in many real-world settings. ...

Hackers Deliver Global Group Ransomware Offline via Phishing Emails

Global Group ransomware is delivered through phishing emails and can encrypt files offline without any internet connection...

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...