All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

CVE-2026-55789: CWE-91: XML Injection (aka Blind XPath Injection) in logto-io logto

CVE-2026-55789 is an XML Injection vulnerability in logto-io's logto product prior to version 1.41.0. The issue arises because the self-hosted SAML IdP component uses unsafe string substitution of…

Read the full article
10h agoen

You might also wanna read

Libxslt Library Unmaintained with Multiple Unfixed Security Vulnerabilities

Alan Coopersmith reports

vuxml.freebsd.org·10mo ago

Analysis of CVE-2025-14986: Temporal's Masked Namespace Vulnerability Enabling Cross-Tenant Security Bypass

A deep dive into CVE-2025-14986, a masked namespace vulnerability in Temporal that enabled cross-tenant policy and schema confusion via bund

depthfirst.com·5mo ago

Cisco Unified CM Vulnerability (CVE-2026-20230, CVSS 8.6) Actively Exploited for Root Privilege Escalation

CVE-2026-20230 has a CVSS score of 8.6 and stems from improper input validation for specific HTTP requests. Successful exploitation can let

briefly.co·16d ago

CISA adds actively exploited SharePoint RCE flaw to KEV catalog after Microsoft downplayed risk

Attackers need little more than a valid SharePoint account to execute code on vulnerable on-prem servers

theregister.com·8d ago

CISA adds actively exploited SharePoint RCE flaw to KEV catalog after Microsoft downplayed risk

Attackers need little more than a valid SharePoint account to execute code on vulnerable on-prem servers

theregister.com·8d ago

CISA adds actively exploited SharePoint RCE flaw to KEV catalog after Microsoft downplayed risk

Attackers need little more than a valid SharePoint account to execute code on vulnerable on-prem servers

theregister.com·8d ago

Prismata: A Defense Against Cross-Site Prompt Injection in Autonomous Web Agents

Autonomous web agents promise to automate everyday browsing tasks, but inherit one of the web's oldest attack surfaces. Cross-Site Scripting

arxiv.org·9h ago

WAF - WAF Release - 2025-07-14

This week’s vulnerability analysis highlights emerging web application threats that exploit modern JavaScript behavior and SQL parsing ambig

Cloudflare·1y ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.