VDB

GCVE-110-OSM-2026-3466

GCVE-110-OSM-2026-3466
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 29, 2026
Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code. Payload: assets/vendor.1192ef24.js Key findings: - Corporate Environment Targeting in assets/index.66d50abe.js: "tMonitor))try{const t=Ot(),a=await async function(e=[]){const t=Jt(e,(()=>[])).f..." - Corporate Environment Targeting in assets/vendor.1192ef24.js: "tModifiers:[yv,Pv,gv,Yf,Vv,Av,zv,fv,Bv]});const Uv=(e,t,l={})=>{const n={name:"u..." - Reconstructed Obfuscated URL in assets/vendor.1192ef24.js: "https://vuejs.org/error-reference/#runtime-(?:/|$)1" - Shell Command Execution in assets/index.66d50abe.js: "child_process").exec" - Data Encoding for Exfiltration in assets/index.66d50abe.js: "encodeURIComponent(n),r=encodeURIComponent(i),o=Number(se.steamId||0)||null,s=[{..." IOCs: - ipv6: 1:2:3:4:5:6:7::, 1:2:3:4:5:6:7:8, 1:2:3:4:5:6::, 1:2:3:4:5::, 1:2:3:4:: (+3 more) - urls: https://element-plus.org/en-US/component/checkbox.html, https://element-plus.org/en-US/component/radio.html, https://element-plus.org/zh-CN/component/pagination.html, https://vuejs.org/error-reference/#runtime-(?:/|$)1 - domains: cdn.cloudflare.steamstatic.com, www.pcgamingwiki.com, www.bing.com, www.baidu.com, steamui.com (+9 more) - payloadFileHash: fc7f2da59381dfc75840e78886ac3a831e988035dbaa878375d955bc4927f0e8

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownmayfly-game-saveall (affected)

References

vendor

Browse GCVE Records

73,442 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›