MAL-2026-5035 Malicious code in @t-in-one/add_application_service_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

Malicious code in @t-in-one/get_application_hid (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

Malicious code in @sber-ecom-core/sberpay-widget (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

Malicious code in @t-in-one/application_id_storage_key_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

Malicious code in @t-in-one/prefill_credit_data_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

Malicious code in @t-in-one/only_difference_payload (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

MAL-2026-5033 Malicious code in @t-in-one/add_app_middleware_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

CVE-2025-28142

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V31.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare...

CVE-2024-51557

This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted...

CVE-2024-51559

This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts...

CVE-2024-51556

This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized access to sensiti...

PT-2024-34704 · Wave 2.0 · Wave 2.0

Name of the Vulnerable Software and Affected Versions: Wave 2.0 Description: This issue is caused by improper exception handling for invalid inputs at a certain API endpoint. An authenticated remote attacker could exploit this by providing invalid inputs for the userId parameter in the API reques...

Microsoft Dynamics Business Central 跨站脚本漏洞

Microsoft Dynamics Business Central is an enterprise resource planning system from Microsoft. The system includes functionality for financial management, project management, and supply chain management. A cross-site scripting vulnerability exists in Microsoft Dynamics Business Central Control. Th...