4224 matches found
CVE-2026-55881
OpenReplay (self-hosted session replay) versions affected: 1.22.0 – 1.27.0. The vulnerability arises in getFirstMob where 15-second presigned S3 download URLs for a session’s DOM-replay recording were generated based only on the session path, while validateProjectAccess only checked tenant owners...
CVE-2026-55370
Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...
CVE-2026-55370 Logto: TOTP code can be replayed within the RFC 6238 validity window (one-time use violation)
Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...
EUVD-2026-43011
Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...
CVE-2026-55370
Technical details about CVE-2026-55370 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-58225
SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...
CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service
SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...
CVE-2026-58225
This CVE affects postgrex (specifically Postgrex.Notifications) used with elixir-ecto. The root cause is a SQL injection-like flaw in the reconnect replay: on (re)connect, handle_connect/1 concatenates LISTEN statements and wraps them in a dollar-quoted block (DO $$ ... $$). quote_channel/1 doubl...
EUVD-2026-42867
SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...
CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service
SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...
CVE-2026-28564
Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...
CVE-2026-28564 Apache IoTDB: REST Basic Authentication Accepts Stale Cached Credentials
Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...
CVE-2026-28564
Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...
CVE-2026-28564
The CVE-2026-28564 issue affects Apache IoTDB prior to 2.0.10. It is described as an authentication bypass caused by insufficient session expiration, enabling capture–replay against REST Basic Authentication. Affected versions are 1.0.0 up to, but not including, 2.0.10. The practical impact is hi...
EUVD-2026-42832
Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...
JumpServer > 3.6.4 - Information Disclosure
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...
EUVD-2026-42640
MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate authentication exchange and replay the nonce and response values in a new connection to bypass authentication without...
CVE-2026-51597
MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate authentication exchange and replay the nonce and response values in a new connection to bypass authentication without...
CVE-2026-47828
The CVE affects bosh-cli versions prior to 7.10.4. During bosh create-env/delete-env, the CLI uploads CPI packages and rendered job templates to the VM’s DAV blobstore over HTTPS without verifying the server certificate, despite a CA certificate being present in the manifest. This enables a netwo...
CVE-2026-47828 Missing TLS Certificate Verification in BOSH CLI Allows Root Code Execution via Man-in-the-Middle Credential Replay
During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...