53 matches found
Malicious code in openai-agents-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 768ddf82a7644f1678a27f3037c8a3fc4fae5f00b6181d6507a49892d20a7fda On npm install, scripts/postinstall.js automatically reads a broad set of installer-side identity and cloud-configuration files — /.gitconfig and the...
MAL-2026-6582 Malicious code in openai-agents-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 768ddf82a7644f1678a27f3037c8a3fc4fae5f00b6181d6507a49892d20a7fda On npm install, scripts/postinstall.js automatically reads a broad set of installer-side identity and cloud-configuration files — /.gitconfig and the...
MAL-2026-6581 Malicious code in ollama-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52323ef2a3908b7db1565ae149128d053363ab2612c7bc3a938c3f2d63c285cf scripts/postinstall.js executes automatically on npm install and performs a bulk harvest of installer-side identity and configuration data: OS hostna...
DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering
The U.S. Department of Justice DoJ on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked to Prince Group. "These...
PT-2026-38648
Name of the Vulnerable Software and Affected Versions electerm versions 3.x and earlier Description The getConstants IPC handler in src/app/lib/ipc-sync.js serializes the entire process.env object and sends it to the renderer, where it is stored as window.pre.env. This data is accessible to any...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the getMember function in the backend endpoint when processing the cloudaccount argument. An attacker can execute code or manipulate application behavior by supplying crafted serialized data. Detail...
funadmin: Deserialization Vulnerability in Backend Endpoint via AuthCloudService getMember Function
A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...
CVE-2026-2898
A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...
CVE-2026-2898
A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...
CVE-2026-2898 funadmin Backend Endpoint AuthCloudService.php getMember deserialization
A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...
CVE-2026-2898
The CVE concerns funadmin up to 7.1.0-rc4, affecting the Backend Endpoint through the function getMember in app/common/service/AuthCloudService.php. The issue stems from deserialization triggered by manipulating the cloud_account argument, enabling a remote attack. The exploit is publicly availab...
FunAdmin 代码问题漏洞
FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc4 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect handling of the cloudaccount parameter in the function getMember within the component’s Backen...
PT-2026-21403
A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloud account results in deserialization. The attack may be performed from...
EUVD-2018-7356
Malware in sbrugna...
EUVD-2017-17190
Malware in sbrugna...
EUVD-2025-16160
Malicious code in bioql PyPI...
EUVD-2025-16170
Malicious code in bioql PyPI...
CVE-2025-34066
An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle MITM attacks...
CVE-2025-45468
Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account...
CVE-2025-45471
Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account...