135 matches found
OpenReplay 安全漏洞
OpenReplay is an open-source, developer-friendly, and self-hosted session replay software. Versions of OpenReplay prior to 1.26.0 contained security vulnerabilities. These vulnerabilities stemmed from cross-tenant IDOR vulnerabilities in the feature-flag and assist-stats routing mechanisms. Due t...
PT-2026-34334
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An insecure direct object reference allows unauthorized users to access and manipulate sensitive data across different tenants. This can result in unauthorized...
CVE-2025-70841
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...
CVE-2025-70841
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...
EUVD-2025-206710
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...
PT-2026-5987
Name of the Vulnerable Software and Affected Versions Dokans Multi-Tenancy Based eCommerce Platform version 3.9.2 Description The platform allows unauthenticated remote attackers to obtain sensitive application configuration data by directly requesting the '/script/.env' file. This file contains...
CVE-2025-70841
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...
CVE-2025-1758
Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects: LoadMaster: 7.2.40.0 and above ECS: All versions Multi-Tenancy: 7.1.35.4 and above...
CVE-2025-14908 JeecgBoot Multi-Tenant Management SysTenantController.java improper authentication
A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the component Multi-Tenant Management Module...
BIT-FLUX-2022-24877 Improper path handling in kustomization files allows path traversal
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...
EUVD-2021-27277
Malware in sbrugna...
EUVD-2021-16354
Malware in sbrugna...
EUVD-2023-2895
Malicious code in bioql PyPI...
EUVD-2024-2618
Malicious code in bioql PyPI...
EUVD-2022-7769
Malicious code in bioql PyPI...
EUVD-2024-17994
Malicious code in bioql PyPI...
EUVD-2025-6737
Malicious code in bioql PyPI...
EUVD-2025-25141
Malicious code in bioql PyPI...
EUVD-2022-6887
Malicious code in bioql PyPI...
CVE-2025-55205
Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation...