Malicious code in @redhat-cloud-services/compliance-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

Malicious code in @redhat-cloud-services/tsc-transform-imports (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

MAL-2026-5143 Malicious code in @redhat-cloud-services/javascript-clients-shared (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

CVE-2026-49385

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...

CVE-2026-49385

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...

CVE-2026-49385

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...

CVE-2026-49385

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...

EUVD-2026-33393

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...

CVE-2026-49385

JetBrains YouTrack is affected by CVE-2026-49385 in versions before 2026.1.13570, due to improper access control that allows low-privileged users to modify service accounts. The exposed component is YouTrack’s service account management, with an underlying cause described as access control failur...

CVE-2026-45043

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent identities, including the root user minioadmin. The endpoint...

CVE-2026-45043 RustFS: ImportIam Allows Creation of Backdoor Service Accounts Under Any Parent Including Root

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent identities, including the root user minioadmin. The endpoint...

CVE-2026-45043 RustFS: ImportIam Allows Creation of Backdoor Service Accounts Under Any Parent Including Root

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent identities, including the root user minioadmin. The endpoint...

CVE-2026-45043

RustFS vulnerability CVE-2026-45043: prior to 1.0.0-beta.2, improper validation in PUT /rustfs/admin/v3/import-iam lets a user with ImportIAMAction create service accounts under arbitrary parents, including minioadmin, by submitting attacker-controlled parent, claims, accessKey and secretKey. Thi...

PT-2026-44965

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.1.13570 Description Improper access control allows low-privileged users to modify service accounts. Recommendations Update to version 2026.1.13570...

JetBrains YouTrack 安全漏洞

JetBrains YouTrack is a browser-based error tracking and project management software developed by Czech company JetBrains. This software features error tracking, the ability to create workflows, and monitoring of project progress. Versions of JetBrains YouTrack prior to 2026.1.13570 contained...

PT-2026-44825

Name of the Vulnerable Software and Affected Versions RustFS versions prior to 1.0.0-beta.2 Description Improper validation in the "PUT /rustfs/admin/v3/import-iam" endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent identities, including the root user...

rustfs 访问控制错误漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions prior to RustFS 1.0.0-beta.2 contained an access control vulnerability. This vulnerability stemmed from improper validation of the PUT /rustfs/admin/v3/import-iam endpoint, allowing users with the ImportIAMAction...

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6.0 to 2026.1.16.0, as well as versions prior to 2025.3.20.0, have security...

Malicious code in @antv/gi-assets-tugraph (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2026-4123 Malicious code in @lint-md/cli (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...