365 matches found
MAL-2026-4136 Malicious code in jest-canvas-mock (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4141 Malicious code in jest-random-mock (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4137 Malicious code in jest-date-mock (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
@aligent/auth-module (>=0.0.3 <=1.0.1), @baic/preset-yolk-taro-miniprogram (>=2.1.0-alpha.0 <=2.1.0-alpha.283) +41 more potentially affected by unknown CVE via jest-date-mock (>=1.0.10 <=1.0.8)
jest-date-mock NPM version =1.0.10, =0.0.3, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.259, =2.1.0-alpha.259, =1.0.1, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =12.0.0 and more Source cves: unknown CVE...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
@join-com/jest-matchers (>=1.0.0 <=1.0.1), jest-expect (=0.0.1) +1 more potentially affected by unknown CVE via fixed-round (=1.0.2)
fixed-round NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on fixed-round and may be impacted: - @join-com/jest-matchers =1.0.0, =0.0.1, =0.0.2 Source cves: unknown CVE Source advisory: SNYK:JS-FIXEDROUND-16754972...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
@aligent/auth-module (>=0.0.3 <=1.0.1), @baic/preset-yolk-taro-miniprogram (>=2.1.0-alpha.0 <=2.1.0-alpha.283) +41 more potentially affected by unknown CVE via jest-date-mock (>=1.0.10 <=1.0.8)
jest-date-mock NPM version =1.0.10, =0.0.3, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.259, =2.1.0-alpha.259, =1.0.1, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =12.0.0 and more Source cves: unknown CVE...
4house-libts-places-autocomplete (=1.0.0), @77sol-ui/atoms (>=5.1.0 <=5.4.0) +267 more potentially affected by unknown CVE via jest-canvas-mock (>=2.0.0-beta.1 <=2.5.2)
jest-canvas-mock NPM version =2.0.0-beta.1, =5.1.0, =1.0.1, =1.0.0, =1.0.0, =0.0.0, =0.0.1-react-native, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.250, =2.1.0-alpha.250, =0.0.5, =0.0.6, =0.3.113, =0.5.0 and more Source cves: unknown CVE Source advisory:...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
@join-com/jest-matchers (>=1.0.0 <=1.0.1), jest-expect (=0.0.1) +1 more potentially affected by unknown CVE via fixed-round (=1.0.2)
fixed-round NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on fixed-round and may be impacted: - @join-com/jest-matchers =1.0.0, =0.0.1, =0.0.2 Source cves: unknown CVE Source advisory: SNYK:JS-FIXEDROUND-16754804...
4house-libts-places-autocomplete (=1.0.0), @77sol-ui/atoms (>=5.1.0 <=5.4.0) +267 more potentially affected by unknown CVE via jest-canvas-mock (>=2.0.0-beta.1 <=2.5.2)
jest-canvas-mock NPM version =2.0.0-beta.1, =5.1.0, =1.0.1, =1.0.0, =1.0.0, =0.0.0, =0.0.1-react-native, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.250, =2.1.0-alpha.250, =0.0.5, =0.0.6, =0.3.113, =0.5.0 and more Source cves: unknown CVE Source advisory:...
Spring4Shell-POC
ReznokWorks 사내 게시판 — 모의해킹 시나리오 PoC 원본 Spring4Shell PoChttp...
CVE-2026-7710
A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote...
yudao-cloud 授权问题漏洞
Yudao-Cloud is a backend management system developed by YunaiV’s individual developers. Versions of Yudao-Cloud 3.8.0 and earlier contained an authorization issue vulnerability. This vulnerability stemmed from the operation of the parameter mock-token in the JwtAuthenticationTokenFilter.java...
CVE-2026-7710
A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote...
CVE-2026-7710
The CVE-2026-7710 issue affects YunaiV yudao-cloud up to version 3.8.0, specifically the JwtAuthenticationTokenFilter.doFilterInternal implementation in Ruoyi-Vue-Pro. A manipulation of the mock-token argument enables improper authentication, with remote exploitation possible. Exploit code is rep...
PT-2026-36727
Name of the Vulnerable Software and Affected Versions YunaiV yudao-cloud versions prior to 3.8.1 Description An authentication bypass exists in the Ruoyi-Vue-Pro component. Manipulation of the mock-token argument within the doFilterInternal function of the JwtAuthenticationTokenFilter.java file...
ch.admin.bit.jeap:jeap-archrepo-instance (>=1.24.0 <=1.29.1), ch.admin.bit.jeap:jeap-archrepo-test (>=1.24.0 <=1.29.1) +276 more potentially affected by CVE-2026-22748 via org.springframework.security:spring-security-oauth2-jose (>=6.5.0 <=6.5.1)
org.springframework.security:spring-security-oauth2-jose MAVEN version =6.5.0, =1.24.0, =1.24.0, =1.24.0, =1.0.0, =2.8.0, =2.8.0, =3.10.0, =3.10.0, =8.15.0, =1.2.0, =17.39.0, =17.39.0, =17.39.0, =17.39.0, =17.39.0, =17.39.3 and more Source cves: CVE-2026-22748 Source advisory: OSV:GHSA-CVC6-Q...