53 matches found
CVE-2026-45297
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...
CVE-2026-45297
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...
EUVD-2026-32970
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...
MAL-2026-2660 Malicious code in use-feature-flags-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b176246976f266320b17cb9aa3a4fdddb6970d6f115637cb5cb2224c2db75c7e The package use-feature-flags-plugin was found to contain malicious code. Source: ghsa-malware...
Malicious code in use-feature-flags-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b176246976f266320b17cb9aa3a4fdddb6970d6f115637cb5cb2224c2db75c7e The package use-feature-flags-plugin was found to contain malicious code. Source: ghsa-malware...
@frontmcp/adapters (>=1.0.0 <=1.0.3), @frontmcp/plugin-approval (>=1.0.0 <=1.0.3) +7 more potentially affected by CVE-2026-39885 via @frontmcp/sdk (>=1.0.0-beta.1 <=1.0.3)
@frontmcp/sdk NPM version =1.0.0-beta.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =1.0.3 Source cves: CVE-2026-39885 Source advisory: SNYK:JS-FRONTMCPSDK-16423474...
Malicious code in sq-minimal-feature-flags (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in @immuta/feature-flags-core (npm)
Malicious package due to data exfiltration to a hardcoded IP, command execution --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5faa2e2b3afed77ff19adb0b231de0a6ecdd10f713507e643a56d3d5503b1e47 The package @immuta/feature-flags-core was found to contain malicious...
MAL-2026-1381 Malicious code in @immuta/feature-flags-core (npm)
Malicious package due to data exfiltration to a hardcoded IP, command execution --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5faa2e2b3afed77ff19adb0b231de0a6ecdd10f713507e643a56d3d5503b1e47 The package @immuta/feature-flags-core was found to contain malicious...
CVE-2026-0650
OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...
GHSA-RWP9-5G7Q-73Q3 OpenFlagr contains an authentication bypass vulnerability in the HTTP middleware
OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...
CVE-2026-0650
OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...
CVE-2026-0650
OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via improper path normalization in the whitelist logic. An attacker can gain unauthorized access to protected API endpoints by sending crafted requests that bypass authentication checks. This...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via improper path normalization in the whitelist logic. An attacker can gain unauthorized access to protected API endpoints by sending crafted requests that bypass authentication checks. This...
PT-2026-1559
Name of the Vulnerable Software and Affected Versions OpenFlagr versions prior to and including 1.1.18 Description The software contains an authentication bypass issue in the HTTP middleware. Improper path normalization within the whitelist logic allows crafted requests to bypass authentication,...
Security update 5.1.1 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-prometheus-alertmanager: Update to version 0.28.1 jscPED-13285: Improved performance of inhibition rules when using Equal labels. Improve the documentation on escaping in UTF-8 matchers. Update alertmanagerconfighash metric help to document th...
EUVD-2025-13288
Malicious code in bioql PyPI...
Malicious code in feature-flags-client (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 26770c72a74ae8e621acc8084a53a285191b262988dd73d9e884c34025a362b8 The OpenSSF Package Analysis project identified 'feature-flags-client' @ 1.1.0.4.g5ec4367 rubygems as malicious. It is considered malicious...
MAL-2025-46907 Malicious code in feature-flags-client (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 26770c72a74ae8e621acc8084a53a285191b262988dd73d9e884c34025a362b8 The OpenSSF Package Analysis project identified 'feature-flags-client' @ 1.1.0.4.g5ec4367 rubygems as malicious. It is considered malicious...