
99 matches found

OSV
added 2026/03/29 3:49 p.m. | 7 views

GHSA-RF6H-5GPW-QRGQ OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback

Summary MS Teams Feedback Invoke Bypasses Sender Allowlists and Records Unauthorized Session Feedback Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Microso...

CVSS 6.9 | AI score 5.9 | EPSS 0.00227
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-35847

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.07373
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-24758

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.5 | EPSS 0.0021
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-49530

Malicious code in bioql PyPI...

CVSS 8 | AI score 9.3 | EPSS 0.01399
Exploits 0 | References 1
RedhatCVE
added 2025/09/19 6:30 p.m. | 3 views

CVE-2025-59339

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally move them to a remote storage periodically, i...

CVSS 4.4 | AI score 6.9 | EPSS 0.00094
Exploits 0 | References 1
NVD
added 2025/09/17 6:15 p.m. | 2 views

CVE-2025-59339

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally move them to a remote storage periodically, i...

CVSS 4.4 | EPSS 0.00094
Exploits 0 | References 2
CVE
added 2025/09/17 5:50 p.m. | 11 views

CVE-2025-59339

CVE-2025-59339 affects The Bastion’s session-recording workflow: the osh-encrypt-rsync script rotates and encrypts ttyrec files using GPG keys, but it silently fails to apply signatures even when signing is requested. This can undermine data integrity of archived ttyrec files. Affected component ...

CVSS 4.4 | AI score 6.5 | EPSS 0.00094
Exploits 0 | References 2
OSV
added 2025/09/17 5:50 p.m. | 2 views

CVE-2025-59339 The Bastion ttyrec files are not signed after encryption by the osh-encrypt-rsync script

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally move them to a remote storage periodically, i...

CVSS 4.4 | AI score 6.9 | EPSS 0.00094
Exploits 0 | References 4
Positive Technologies
added 2025/09/17 12:0 a.m. | 4 views

PT-2025-38246

Name of the Vulnerable Software and Affected Versions: The Bastion affected versions not specified Description: The Bastion provides authentication, authorization, traceability, and auditability for SSH accesses. Session-recording ttyrec files are handled by the provided osh-encrypt-rsync script,...

CVSS 4.4 | AI score 6.3 | EPSS 0.00094
Exploits 0 | References 5
Saint
added 2025/08/27 12:0 a.m. | 69 views

Citrix Session Recording deserialization vulnerability

Added: 08/27/2025 CVE: CVE-2024-8069 Background Citrix Session Recording is software for recording and archiving sessions for retrieval and playback. Problem Unsafe object deserialization in Citrix Session Recording could allow a remote attacker to execute arbitrary commands by sending a speciall...

CVSS 8 | AI score 7.8 | EPSS 0.14736
Exploits 2
Saint
added 2025/08/27 12:0 a.m. | 121 views

Citrix Session Recording deserialization vulnerability

Added: 08/27/2025 CVE: CVE-2024-8069 Background Citrix Session Recording is software for recording and archiving sessions for retrieval and playback. Problem Unsafe object deserialization in Citrix Session Recording could allow a remote attacker to execute arbitrary commands by sending a speciall...

CVSS 8 | AI score 7.7 | EPSS 0.14736
Exploits 2
The Hacker News
added 2025/08/26 5:55 a.m. | 4 views

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added three security flaws impacting Citrix Session Recording and Git to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-8068 CV...

CVSS 8 | AI score 8.9 | EPSS 0.14736
Exploits 11
CISA
added 2025/08/25 12:0 p.m. | 14 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-8069 Citrix Session Recording Deserialization of Untrusted Data Vulnerability CVE-2024-8068 Citrix Session Recording...

CVSS 8 | AI score 8.1 | EPSS 0.14736
In wild | Exploits 11 | References 8
CISA KEV Catalog
added 2025/08/25 12:0 a.m. | 6 views

Citrix Session Recording Improper Privilege Management Vulnerability

Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain...

CVSS 8 | AI score 9.1 | EPSS 0.01399
In wild | Exploits 0
CISA KEV Catalog
added 2025/08/25 12:0 a.m. | 22 views

Citrix Session Recording Deserialization of Untrusted Data Vulnerability

Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker must be an authenticated user on the same intranet as the session recording server...

CVSS 8 | AI score 9.5 | EPSS 0.14736
In wild | Exploits 2
NVD
added 2025/08/14 11:15 a.m. | 1 views

CVE-2025-49048

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in inspectlet Inspectlet – User Session Recording and Heatmaps inspectlet-heatmaps-and-user-session-recording allows Stored XSS. This issue affects Inspectlet – User Session Recording and Heatmaps: fro...

CVSS 5.9 | EPSS 0.0021
Exploits 0 | References 1
CVE
added 2025/08/14 10:34 a.m. | 11 views

CVE-2025-49048

CVE-2025-49048 covers a stored XSS in the WordPress plugin “Inspectlet – User Session Recording and Heatmaps” (versions

CVSS 5.9 | AI score 5.2 | EPSS 0.0021
Exploits 0 | References 1
Vulnrichment
added 2025/08/14 10:34 a.m. | 2 views

CVE-2025-49048 WordPress Inspectlet – User Session Recording and Heatmaps plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in inspectlet Inspectlet User Session Recording and Heatmaps inspectlet-heatmaps-and-user-session-recording allows Stored XSS. This issue affects Inspectlet User Session Recording and Heatmaps: from n/...

CVSS 5.9 | AI score 5.2 | EPSS 0.0021
Exploits 0 | References 1
ATTACKERKB
added 2025/08/14 10:34 a.m. | 4 views

CVE-2025-49048

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in inspectlet Inspectlet – User Session Recording and Heatmaps inspectlet-heatmaps-and-user-session-recording allows Stored XSS. This issue affects Inspectlet – User Session Recording and Heatmaps: fro...

CVSS 5.9 | AI score 5.2 | EPSS 0.0021
Exploits 0 | References 3
Patchstack
added 2025/08/14 4:11 a.m. | 3 views

WordPress Inspectlet – User Session Recording and Heatmaps plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Inspectlet User Session Recording and Heatmaps versions = 2.0...

CVSS 5.9 | AI score 5.9 | EPSS 0.0021
Exploits 0 | Affected Software 1