CVE-2026-55789: CWE-91: XML Injection (aka Blind XPath Injection) in logto-io logto
CVE-2026-55789 is an XML Injection vulnerability in logto-io's logto product prior to version 1.41.0. The issue arises because the self-hosted SAML IdP component uses unsafe string substitution of…
Read the full articleYou might also wanna read
Libxslt Library Unmaintained with Multiple Unfixed Security Vulnerabilities
Alan Coopersmith reports
Analysis of CVE-2025-14986: Temporal's Masked Namespace Vulnerability Enabling Cross-Tenant Security Bypass
A deep dive into CVE-2025-14986, a masked namespace vulnerability in Temporal that enabled cross-tenant policy and schema confusion via bund
Cisco Unified CM Vulnerability (CVE-2026-20230, CVSS 8.6) Actively Exploited for Root Privilege Escalation
CVE-2026-20230 has a CVSS score of 8.6 and stems from improper input validation for specific HTTP requests. Successful exploitation can let
CISA adds actively exploited SharePoint RCE flaw to KEV catalog after Microsoft downplayed risk
Attackers need little more than a valid SharePoint account to execute code on vulnerable on-prem servers
CISA adds actively exploited SharePoint RCE flaw to KEV catalog after Microsoft downplayed risk
Attackers need little more than a valid SharePoint account to execute code on vulnerable on-prem servers
CISA adds actively exploited SharePoint RCE flaw to KEV catalog after Microsoft downplayed risk
Attackers need little more than a valid SharePoint account to execute code on vulnerable on-prem servers
Prismata: A Defense Against Cross-Site Prompt Injection in Autonomous Web Agents
Autonomous web agents promise to automate everyday browsing tasks, but inherit one of the web's oldest attack surfaces. Cross-Site Scripting

WAF - WAF Release - 2025-07-14
This week’s vulnerability analysis highlights emerging web application threats that exploit modern JavaScript behavior and SQL parsing ambig

Comments
Sign in to join the conversation.
No comments yet. Be the first.