@accounter/server (>=0.0.0 <=0.0.3-alpha-20241114141215-09b7d417e7e139562b2a77a6eb2d990da536e1ec), @aligent/auth-module (=1.0.1) +1 more potentially affected by CVE-2026-23735 via graphql-modules (>=2.3.0 <=2.4.0)

graphql-modules NPM version =2.3.0, =0.0.0, =1.0.7, =1.0.9 Source cves: CVE-2026-23735 Source advisory: OSV:GHSA-53WG-R69P-V3R7...

GHSA-53WG-R69P-V3R7 GraphQL Modules has a Race Condition issue

Summary Originally reported as an issue 2613 but should be elevated to a security issue as the ExecutionContext is often used to pass authentication tokens from incoming requests to services loading data from backend APIs. Details When 2 or more parallel requests are made which trigger the same...

GraphQL Modules has a Race Condition issue

Summary Originally reported as an issue 2613 but should be elevated to a security issue as the ExecutionContext is often used to pass authentication tokens from incoming requests to services loading data from backend APIs. Details When 2 or more parallel requests are made which trigger the same...

CVE-2026-23735

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...

CVE-2026-23735 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in graphql-modules

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...

EUVD-2026-2862

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...

CVE-2026-23735

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...

CVE-2026-23735 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in graphql-modules

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...

CVE-2026-23735 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in graphql-modules

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...

CVE-2026-23735

Summary: Multiple sources describe a race condition in GraphQL Modules where, when 2 or more parallel requests trigger the same service, the request context injected via @ExecutionContext() can be mixed between concurrent executions, potentially leaking authentication-context data between users. ...

Metasploit Wrap-Up 01/16/2026

Persistence, dMSA Abuse & RCE Goodies This week, we have received a lot of contributions from the community, such as h00die, Chocapikk and countless others, which is greatly appreciated. This week’s modules and improvements in Metasploit Framework range from new modules, such as dMSA Abuse...

CVE-2025-13062

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass sanitization while being accepted as a valid JSON fil...

WordPress Supreme Modules Lite plugin <= 2.5.62 - Authenticated (Author+) Arbitrary File Upload via JSON Upload Bypass vulnerability

Authenticated Author+ Arbitrary File Upload via JSON Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin Supreme Modules Lite versions = 2.5.62...

PT-2026-3319

Name of the Vulnerable Software and Affected Versions GraphQL Modules versions 2.2.1 through 2.4.0 GraphQL Modules versions 3.1.1 Description GraphQL Modules has an issue where, when two or more parallel requests trigger the same service, the context of the requests can become mixed up within the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001581)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001581 advisory. NULL Pointer Dereference vulnerability in openEuler kernel on Linux network modules allows Pointer Manipulation. This vulnerability is associated with program files...

Graphql Modules: Competition Condition Vulnerability

Graphql Modules is a backend framework for GraphQL servers, open-sourced by Hive. Versions of Graphql Modules from 2.2.1 to 2.4.1, as well as versions before 3.1.1, have a race condition vulnerability. This vulnerability stems from context confusion during parallel requests, which may lead to...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004522)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004522 advisory. NULL Pointer Dereference vulnerability in openEuler kernel on Linux network modules allows Pointer Manipulation. This vulnerability is associated with program files...

MiracleLinux 4 : httpd24-httpd-2.4.25-9.AXS4.1 (AXSA:2017-2175:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2175:02 advisory. It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related t...

MiracleLinux 4 : pam-1.1.1-13.AXS4 (AXSA:2013-122:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-122:01 advisory. PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to...

MiracleLinux 7 : libreoffice-5.3.6.1-21.el7 (AXSA:2019-4181:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4181:02 advisory. libreoffice: Arbitrary python functions in arbitrary modules on the filesystem can be executed without warning CVE-2018-16858 Tenable has extracted the...