28 matches found
Malicious code in @antv/g-webgpu (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4121 Malicious code in @antv/xflow-extension (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/dipper-map (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3976 Malicious code in @antv/g2-extension-ava (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-webgpu-unitchart (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
CVE-2023-50612
Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1 allows local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter...
EUVD-2024-39892
Malicious code in bioql PyPI...
Legacy Login in Microsoft Entra ID Exploited to Breach Cloud Accounts
A flaw in Microsoft Entra ID’s legacy login allowed attackers to bypass MFA, targeting admin accounts across finance,…...
CVE-2024-42494
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services...
CVE-2024-42494 Ruijie Reyee OS Exposure of Private Personal Information to an Unauthorized Actor
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services...
Ruijie Networks ReyeeOS Security Vulnerability
Ruijie Networks ReyeeOS is a router from Ruijie Networks China. A security vulnerability exists in Ruijie Networks ReyeeOS version 2.206.x up to and including version 2.320.x. An attacker can exploit this vulnerability to view and exploit the vulnerability in Ruijie Networks ReyeeOS. An attacker...
CVE-2024-3793
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and stea...
CVE-2024-3784
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 Accounts /admin/CloudAccounts. Exploitation of this vulnerability could allow a remote user to execute arbitrary code...
PT-2024-27835 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue is a stored Cross-Site Scripting (XSS) vulnerability. It occurs through the "/admin/CloudAccounts" API endpoint, specifically in the account name, user password, and server fields, affecting al...
PT-2024-27775 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue involves improper neutralisation of Server-Side Includes (SSI) through S3 Accounts, accessible via the "/admin/CloudAccounts" API endpoint. This could allow a remote user to execute arbitrary...
CVE-2023-50612
Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1 allows local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter...
Design/Logic Flaw
Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1 allows local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter...
CVE-2023-50612
Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1 allows local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter...
fit2cloud Cloud Explorer Lite Security Vulnerability
fit2cloud Cloud Explorer Lite is an open source lightweight cloud management platform. A security vulnerability exists in fit2cloud Cloud Explorer Lite version 1.4.1. A local attacker exploited the vulnerability to elevate privileges and obtain sensitive information via the cloud accounts paramet...
PT-2024-13947 · Fit2Cloud · Fit2Cloud Cloud Explorer Lite
Name of the Vulnerable Software and Affected Versions: fit2cloud Cloud Explorer Lite version 1.4.1 Description: The issue allows local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. This is due to an Insecure Permissions vulnerability...