30 matches found

OSV
added 2026/05/13 12:0 a.m. | 3 views

MAL-2026-3648 Malicious code in auth-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

5.9 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/05/13 12:0 a.m. | 4 views

Malicious code in iceberg-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

5.9 AI score
Exploits: 0
RedhatCVE
added 2026/02/13 7:18 p.m. | 2 views

CVE-2026-24894

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $_SESSION data of the previous request potential...

8.7 CVSS | 5.5 AI score | 0.0006 EPSS
Exploits: 1 | References: 1
Snyk
added 2026/02/12 3:29 p.m. | 3 views

Insufficient Session Expiration

Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration via the frankenphpresetsuperglobals reset logic. An attacker can access sensitive session data belonging to other users by sending a request to a worker before session_start() is called. Note: This is only...

8.8 CVSS | 5.6 AI score | 0.0006 EPSS
Exploits: 1 | References: 4
Positive Technologies
added 2026/02/12 12:0 a.m. | 5 views

PT-2026-7871

Name of the Vulnerable Software and Affected Versions: FrankenPHP versions prior to 1.11.2. Description: FrankenPHP, when running in worker mode, does not correctly reset the $_SESSION superglobal between requests. This allows a subsequent request processed by the same worker to access the $_SESSION...

9.9 CVSS | 5.9 AI score | 0.00733 EPSS
Exploits: 44 | References: 117
Positive Technologies
added 2026/02/06 12:0 a.m. | 3 views

PT-2026-6858

Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints,...

7.7 CVSS | 5.7 AI score | 0.00023 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2026/01/12 2:42 a.m. | 2 views

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The have_mon_and_osd_map() function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

5.8 AI score | 0.00058 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-36367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an...

8.1 CVSS | 7.2 AI score | 0.00135 EPSS
Exploits: 0 | References: 2
CVE
added 2025/06/01 10:31 p.m. | 45 views

CVE-2025-5410

CVE-2025-5410 affects Mist Community Edition up to 4.7.1. The vulnerability exists in the function session_start_response within src/mist/api/auth/middleware.py and enables cross-site request forgery with remote initiation. Public disclosure of the exploit is noted. Mitigation: upgrade to version...

5.3 CVSS | 4.7 AI score | 0.00158 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
RedHat Linux
added 2024/11/12 9:11 a.m. | 2 views

kernel: wifi: mac80211: fix NULL dereference at band check in starting tx ba session

linux wifi mac80211 connection linkdata allocations can result in null pointer dereferencing...

5.5 CVSS | 7.3 AI score | 0.00019 EPSS
Exploits: 0 | References: 5
CNNVD
added 2024/10/19 12:0 a.m. | 1 views

PHPGurukul Boat Booking System Security Vulnerability

PHPGurukul Boat Booking System is a boat booking system from PHPGurukul. A security vulnerability exists in version 1.0 of the PHPGurukul Boat Booking System, which stems from an issue contained in the session_start function...

8.8 CVSS | 4.9 AI score | 0.0013 EPSS
Exploits: 1 | References: 6
0day.today
added 2024/02/19 12:0 a.m. | 329 views

Employee Management System v1 - (email) SQL Injection Vulnerability

Exploit Title: Employee Management System v1 - 'email' SQL Injection Application: Employee Management System Date: 19.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4 AI score
Exploits: 0
SUSE CVE
added 2023/02/15 6:11 a.m. | 0 views

SUSE CVE-2007-3799

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which...

4.3 CVSS | 7.2 AI score | 0.09249 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2020/04/22 9:16 a.m. | 2 views

OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691)

A flaw was found in the TLS/SSL implementation in the JSSE component of OpenJDK, where it did not properly handle application data packets received before the handshake completion. This flaw allowed unauthorized injection of data at the beginning of a TLS session...

7.5 CVSS | 7.3 AI score | 0.00535 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2020/04/21 4:34 p.m. | 2 views

OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691)

A flaw was found in the TLS/SSL implementation in the JSSE component of OpenJDK, where it did not properly handle application data packets received before the handshake completion. This flaw allowed unauthorized injection of data at the beginning of a TLS session...

7.5 CVSS | 7.3 AI score | 0.00535 EPSS
Exploits: 0 | References: 4
Penetration Testing Lab
added 2019/11/05 1:6 p.m. | 44 views

Persistence – PowerShell Profile

PowerShell profile is a PowerShell script which enables system administrators and users to customize their environment and to execute specific commands when a PowerShell session initiates. It is similar to logon scripts that are used heavily by Administrators to map network drives and printers fo...

3.7 AI score
Exploits: 0
Exploit DB
added 2011/09/24 12:0 a.m. | 41 views

PHP PDORow Object - Remote Denial of Service

source: https://www.securityfocus.com/bid/51952/info PHP is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the web server to crash, denying service to legitimate users. PHP 5.3.8 is vulnerable; other versions may also be affected. fetchPDO::FETCHLAZ...

7.4 AI score
Exploits: 0
myhack58
added 2011/06/03 12:0 a.m. | 11 views

Animal husbandry star php web site management system of 0day-vulnerability warning-the black bar safety net

A small program in the holding Station is discovered this app, then across to see the source code. Tragedy just happened! admin/login.php source: <?php session_start(); include "../include/databaseConfig.inc.php"; $admin = $_POST['admin']; $pass = md5($_POST['pass']); $codes = $_POST['codes']; if($_GET['action']...

0.1 AI score
Exploits: 0
Tenable Nessus
added 2011/06/02 12:0 a.m. | 10 views

NNM-SSH-Server-Session_Start

Binary data 5936.prm...

7.3 AI score
Exploits: 0
0day.today
added 2011/01/07 12:0 a.m. | 17 views

Ignition 1.3 (comment.php) Local File Inclusion Vulnerability

Exploit for php platform in category web applications Ignition 1.3 ========================================= Greetz: all member | manadocoding.org - sekuritiOnline.net friends: angky.tatoki, EA ngel, bL4Ck3n91n3, 0pa, x0r0n, teamelite, thama, devilbat, cr4wl3r, cyberl0g, lumut-, AntiHack, DskyMC,...

7.1 AI score
Exploits: 0