125 matches found
PYSEC-2026-370 Openstack Keystone Incorrect Authorization vulnerability
A flaw was found in openstack-keystone, only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A patch is...
CVE-2026-35594
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share authentication GetLinkShareFromClaims in pkg/models/linksharing.go constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner delet...
Malicious code in intan-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79b5a333b728d4905db0fd8585e4ffd7e5c776150f33ca8a629557c46aed78d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hariyono-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41ecec4666cad4a8322e0ff89050730e33b18cdaf02f3ea052201833cbc47569 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-152433 Malicious code in alvino-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b71c9c23bb7ae2b18dae40a17a6944dec00f74a8019735d4458f84867e42e1df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-155680 Malicious code in hariyono-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41ecec4666cad4a8322e0ff89050730e33b18cdaf02f3ea052201833cbc47569 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bitha-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f79920f17e17991b4378fc2230bc9cf83ce72833566355b1b3610fce86620fec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-156585 Malicious code in intan-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79b5a333b728d4905db0fd8585e4ffd7e5c776150f33ca8a629557c46aed78d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-157556 Malicious code in kentung-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4163aed1d076846452617420160a0232586dba57c0bcf855fca81c1b9a24bb1c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cinta-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3653e5aa55135b1459e9e03c92c23ddd6c6b5b4c71d8be4367a0fe35ba53c7a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in alvira-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f3027b4b0f96084eecbec244ac5ac4d9c2eaa7dddefc1b27a5643e94f1ab31e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kentung-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4163aed1d076846452617420160a0232586dba57c0bcf855fca81c1b9a24bb1c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rita-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98113579037909070c6dae22777de4b62617f7477f6c4223203a022ec5299405 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in aril-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfe8a98625e3dad2d441baf974ce9fd9f4dad80b9b464b330676c35d5b128bf4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in alvino-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b71c9c23bb7ae2b18dae40a17a6944dec00f74a8019735d4458f84867e42e1df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in billa-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2cb750211526ef616373b0b84b30bf8de5596243f66ce0d561842b9e2c5ea3d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-152875 Malicious code in aril-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfe8a98625e3dad2d441baf974ce9fd9f4dad80b9b464b330676c35d5b128bf4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-74053
Malicious code in zoophagousrhinocerossilver-72 npm...
EUVD-2025-74236
Malicious code in slimcraneapricot-72 npm...
EUVD-2025-74391
Malicious code in outrageouscrabaquamarine-72 npm...