175 matches found
Malicious code in @antv/t8 (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
@antv/gpt-vis (>=1.0.0 <=1.0.0-beta.2) potentially affected by unknown CVE via @antv/t8 (=0.3.0)
@antv/t8 NPM version =0.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/t8 and may be impacted: @antv/gpt-vis =1.0.0, =1.0.0-beta.2. Source CVEs: unknown CVE. Source advisory: OSV:MAL-2026-4087...
EUVD-2024-16723
Malicious code in bioql PyPI...
EUVD-2023-28219
Malicious code in bioql PyPI...
EUVD-2023-28214
Malicious code in bioql PyPI...
EUVD-2023-28216
Malicious code in bioql PyPI...
EUVD-2024-49278
Malicious code in bioql PyPI...
EUVD-2023-28218
Malicious code in bioql PyPI...
EUVD-2024-16362
Malicious code in bioql PyPI...
EUVD-2023-28215
Malicious code in bioql PyPI...
EUVD-2023-28220
Malicious code in bioql PyPI...
EUVD-2023-28213
Malicious code in bioql PyPI...
EUVD-2023-28217
Malicious code in bioql PyPI...
CVE-2024-46419
TOTOLINK AC1200 T8 v4.1.5cu.861B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter...
CVE-2024-46424
TOTOLINK AC1200 T8 v4.1.5cu.861B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter...
CVE-2024-0569
A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.83320220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to...
CVE-2024-8574
A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to OS command injection. The attack can be initiated...
CVE-2024-0944
A vulnerability was found in Totolink T8 4.1.5cu.83320220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is...
CVE-2024-8077
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to OS command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this...
CVE-2024-8075
A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to OS command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about thi...