55 matches found
Malicious code in gx-npm-feature-flags (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fcad1b944d9ceb92389673398df9f471911a788fe608774a3298c69900bb1c7 [email protected] is a dependency-confusion squat max-semver 99.99.99 on a gx--prefixed name to outrank a private internal package that...
CVE-2026-53200 KVM: arm64: nv: Fix handling of XN[0] when !FEAT_XNX
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...
CVE-2026-45297
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...
CVE-2026-45297
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...
EUVD-2026-32970
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...
MAL-2026-2660 Malicious code in use-feature-flags-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b176246976f266320b17cb9aa3a4fdddb6970d6f115637cb5cb2224c2db75c7e The package use-feature-flags-plugin was found to contain malicious code. Source: ghsa-malware...
Malicious code in use-feature-flags-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b176246976f266320b17cb9aa3a4fdddb6970d6f115637cb5cb2224c2db75c7e The package use-feature-flags-plugin was found to contain malicious code. Source: ghsa-malware...
@frontmcp/adapters (>=1.0.0 <=1.0.3), @frontmcp/plugin-approval (>=1.0.0 <=1.0.3) +7 more potentially affected by CVE-2026-39885 via @frontmcp/sdk (>=1.0.0-beta.1 <=1.0.3)
@frontmcp/sdk NPM version =1.0.0-beta.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =1.0.3 Source cves: CVE-2026-39885 Source advisory: SNYK:JS-FRONTMCPSDK-16423474...
Malicious code in sq-minimal-feature-flags (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in @immuta/feature-flags-core (npm)
Malicious package due to data exfiltration to a hardcoded IP, command execution --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5faa2e2b3afed77ff19adb0b231de0a6ecdd10f713507e643a56d3d5503b1e47 The package @immuta/feature-flags-core was found to contain malicious...
MAL-2026-1381 Malicious code in @immuta/feature-flags-core (npm)
Malicious package due to data exfiltration to a hardcoded IP, command execution --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5faa2e2b3afed77ff19adb0b231de0a6ecdd10f713507e643a56d3d5503b1e47 The package @immuta/feature-flags-core was found to contain malicious...
CVE-2026-0650
OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...
GHSA-RWP9-5G7Q-73Q3 OpenFlagr contains an authentication bypass vulnerability in the HTTP middleware
OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...
CVE-2026-0650
OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via improper path normalization in the whitelist logic. An attacker can gain unauthorized access to protected API endpoints by sending crafted requests that bypass authentication checks. This...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via improper path normalization in the whitelist logic. An attacker can gain unauthorized access to protected API endpoints by sending crafted requests that bypass authentication checks. This...
CVE-2026-0650 OpenFlagr <= 1.1.18 Authentication Bypass via Prefix Whitelist Path Normalization
OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...
PT-2026-1559
Name of the Vulnerable Software and Affected Versions OpenFlagr versions prior to and including 1.1.18 Description The software contains an authentication bypass issue in the HTTP middleware. Improper path normalization within the whitelist logic allows crafted requests to bypass authentication,...
Security update 5.1.1 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-prometheus-alertmanager: Update to version 0.28.1 jscPED-13285: Improved performance of inhibition rules when using Equal labels. Improve the documentation on escaping in UTF-8 matchers. Update alertmanagerconfighash metric help to document th...
EUVD-2025-13288
Malicious code in bioql PyPI...