14 matches found

Cvelist
added 2026/05/28 4:51 p.m., 25 views

CVE-2026-45296 OpenReplay: Cross-tenant information disclosure in app_apikey projectKey routes via missing tenant binding

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several app_apikey routes that trust a caller-provided projectKey after validating only that the API key itself is valid and that the target projectKey exists. The authorization flow does not verify...

CVSS 7.7, EPSS 0.00231
Exploits 0, References 1
Positive Technologies
added 2026/05/28 12:00 a.m., 6 views

PT-2026-44457

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several app_apikey routes that trust a caller-provided projectKey after validating only that the API key itself is valid and that the target projectKey exists. The authorization flow does not verify...

CVSS 7.7, AI score 5.8, EPSS 0.00231
Exploits 0, References 2
OSV
added 2026/05/20 4:18 a.m., 5 views

MAL-2026-4568 Malicious code in fulcrum-sessions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3971399e0fb1bd6c61f5306557512ed22dc0605747526b600b08626a50eb31e src/config.js hardcodes a live Telegram bot token bot id 8656735452 and a default groupId -1003974755050 pointing at a chat owned by the package...

AI score 5.8
Exploits 0, References 2
NVD
added 2026/05/13 10:16 p.m., 8 views

CVE-2026-44423

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...

CVSS 6.5, EPSS 0.00246
Exploits 1, References 1
Snyk
added 2026/03/20 8:34 p.m., 2 views

Race Condition

Overview: org.webjars.npm:effect is a node package that allows you to add effects on images. Affected versions of this package are vulnerable to Race Condition in the MixedScheduler class, where the AsyncLocalStorage context is not properly isolated between concurrent fiber executions. An attacker...

CVSS 9.1, AI score 5.8, EPSS 0.0027
Exploits 1, References 2
OSV
added 2026/02/12 3:29 p.m., 5 views

GHSA-R3XH-3R3W-47GP FrankenPHP leaks session data between requests in worker mode

Summary: When running FrankenPHP in worker mode, the $_SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $_SESSION data of the previous request (potentially belonging to a different user) before session_start() is...

CVSS 8.7, AI score 5.6, EPSS 0.00356
Exploits 1, References 5
Positive Technologies
added 2026/02/12 12:00 a.m., 7 views

PT-2026-7871

Name of the Vulnerable Software and Affected Versions: FrankenPHP versions prior to 1.11.2. Description: FrankenPHP, when running in worker mode, does not correctly reset the $_SESSION superglobal between requests. This allows a subsequent request processed by the same worker to access the $_SESSION...

CVSS 9.9, AI score 5.9, EPSS 0.27661
Exploits 44, References 117
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-1362

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.0186
Exploits 0, References 8
OSV
added 2025/07/24 3:15 p.m., 2 views

CVE-2025-36005

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the...

CVSS 6.5, AI score 5.8, EPSS 0.00161
Exploits 0, References 1
CISA KEV Catalog
added 2025/06/25 12:00 a.m., 20 views

D-Link DIR-859 Router Path Traversal Vulnerability

D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling...

CVSS 9.8, AI score 7.8, EPSS 0.82714
In the wild, Exploits 1
VulnCheck KEV
added 2024/06/25 12:00 a.m., 3 views

VulnCheck KEV: CVE-2024-0769

D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling...

CVSS 9.8, AI score 6, EPSS 0.82714
Exploits 1, References 1
OSV
added 2024/05/14 2:56 p.m., 1 view

CVE-2024-22064

ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under the default configuration, uses a set of non-unique cryptographic keys when establishing a secure connection (IKE) with the mobile devices connecting over the internet. If the set of keys is leaked or cracked, the...

CVSS 6.5, AI score 5.7
Exploits 0, References 1
CNNVD
added 2022/12/13 12:00 a.m., 4 views

Siemens SCALANCE Series Security Vulnerability

The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. A security vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices due to a specific security header missing from the affected device's web server...

CVSS 5.3, AI score 6.6, EPSS 0.00677
Exploits 0, References 3
OSV
added 2018/04/05 3:22 p.m., 20 views

SUSE-SU-2018:0879-1 Security update for apache2

This update for apache2 fixes the following issues: CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a 'Session' header, leading to unexpected behavior (bsc#1086814)...

CVSS 9.8, AI score 7, EPSS 0.86006
Exploits 0, References 14