11 matches found

OSSF Malicious Packages
added 2026/05/19 12:0 a.m., 6 views

Malicious code in @antv/dw-random (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8 AI score
Exploits: 0, References: 5

OSV
added 2026/05/19 12:0 a.m., 4 views

MAL-2026-3993 Malicious code in @antv/g6-plugin-map-view (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8 AI score
Exploits: 0, References: 4

OSV
added 2026/05/19 12:0 a.m., 3 views

MAL-2026-3918 Malicious code in @antv/g-dom-mutation-observer-api (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8 AI score
Exploits: 0, References: 4

Tenable Nessus
added 2025/08/18 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-1776

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an agent user is renamed or set to invalid the session belonging to the user is kept active. The session can not be used to access ticket data in the case...

4.3 CVSS, 5.6 AI score, 0.00326 EPSS
Exploits: 0, References: 2

OSSF Malicious Packages
added 2024/01/14 6:59 p.m., 3 views

Malicious code in wdpr-node-travel-agent-session (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 698a270ed5ad415e8c11ae91fee4719e5d8dd2de9bd86ea6bcbcc074698266d8 The OpenSSF Package Analysis project identified 'wdpr-node-travel-agent-session' @ 2.1.7 npm as malicious. It is considered malicious because: -...

6.9 AI score
Exploits: 0

SUSE CVE
added 2023/02/15 4:4 a.m., 1 views

SUSE CVE-2020-1776

When an agent user is renamed or set to invalid the session belonging to the user is kept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects OTRS Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and...

4.3 CVSS, 5 AI score, 0.00326 EPSS
Exploits: 0, References: 3

OSV
added 2020/07/20 9:15 p.m., 1 views

DEBIAN-CVE-2020-1776

When an agent user is renamed or set to invalid the session belonging to the user is kept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects OTRS Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and...

4.3 CVSS, 5.5 AI score, 0.00326 EPSS
Exploits: 0, References: 1

OSV
added 2020/07/20 9:15 p.m., 0 views

UBUNTU-CVE-2020-1776

When an agent user is renamed or set to invalid the session belonging to the user is kept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects OTRS Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and...

4.3 CVSS, 6.1 AI score, 0.00326 EPSS
Exploits: 0, References: 3

Debian
added 2017/12/20 10:43 p.m., 21 views

[SECURITY] [DLA 1215-1] otrs2 security update

Package : otrs2 Version : 3.3.18-1deb7u3 CVE ID : CVE-2017-17476 Debian Bug : 884801 Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request System, which could result in session information disclosure when cookie support is disabled. A remote attacker can take advantage of this fla...

8.8 CVSS, 8.9 AI score, 0.00909 EPSS
Exploits: 0

RedHat Linux
added 2012/03/20 5:3 p.m., 5 views

JON: Unapproved agents can hijack an approved agent's endpoint by using a null security token

Red Hat JBoss Operations Network JON before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token...

5.8 CVSS, 5.9 AI score, 0.00274 EPSS
Exploits: 1, References: 4

FreeBSD
added 2010/02/08 12:0 a.m., 44 views

otrs -- SQL injection

OTRS Security Advisory reports: Missing security quoting for SQL statements allows agents and customers to manipulate SQL queries. So it's possible for authenticated users to inject SQL queries via string manipulation of statements. A malicious user may be able to manipulate SQL queries to read o...

6.5 CVSS, 6.6 AI score, 0.00856 EPSS
Exploits: 0, References: 1