9293 matches found
PT-2025-47576
🎯 Real scan results: 11 subdomains → 4m 35s ✅ Found nginx/1.18.0 🔴 Detected CVE-2021-4567 HIGH 🤖 AI provided patch + remediation All automatic. All local. All free. This is recon in 2025 👀 bugbountytips cve appsec...
Claude Code vulnerable to command execution prior to startup trust dialog
When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...
EUVD-2025-197937
The Permalinks Cascade plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action in the handleTPCAdminAjaxRequest function. This makes it possible for...
Siemens SIPROTEC 5 Allocation of Resources Without Limits or Throttling (CVE-2025-40570)
Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop respondin...
Fedora 44 : kubernetes1.34 (2025-eeedae8757)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-eeedae8757 advisory. Automatic update for kubernetes1.34-1.34.2-1.fc44. Changelog Fri Nov 14 2025 Bradley G Smith - 1.34.2-1 - Update to release v1.34.2 - Resolves:...
Malicious code in await-throw-psi-simple-debug (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 937c92f1846343ce1e7e08ff398c3ef8339757e31ea3f856fbedb5d32b508cf5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in double-decode-encrypt-cache-bundle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2dd120085360bd941b6b618bfba167ef9076e6663bd3af7dc247e1b7a6588f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gravity-juno-cors-sirius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c8097a0705bf1ad76bb1607942f6aa70d99247cce4d60a546977d03b5d6d255 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in leda-command-aquarius-leda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54b97a5b24e9f1c261d1603afc2a38bfe2203106a11ea4b09ee3b7341b64025b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dorado-hexo-sqlite-postcss-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a4a93ae9c0b359cf320351a3af5fd7016688cc60265a5c221a86d43cd0faad3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189881 Malicious code in test-cache-rehype-backend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c6d134b4980b93d8c9ca0986a32a823ed1185745ec35ae4127978f61c7e7324 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186188 Malicious code in cluster-tool-quasarjet-meteor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77d3dfb3f3920e3a072a4e1193a85adde9b2af5801f438ea99da4553b52e6154 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186235 Malicious code in command-pulsar-atlas-on (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72b38ad021b2edab7a1022fa57221eefd500f88a7e7cf7d45dffc7b50ed47d2e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185709 Malicious code in awk-sun-deploy-key-omega (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 269eb7a813c15992670144ef18f9ce3cea7e0df757009a82a2b25dff93f3dd4e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189029 Malicious code in quasar-capella-bootstrap-kastra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0bc1b439777658c1074981b53aaec6921f57e4b6f74d04257402b16d4c5734a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188151 Malicious code in mutation-cladistics-graviton-upgrade (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48b72ad4908dcbef9674d785f529c71aa2981793455c795ac5532487e8fc7328 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186572 Malicious code in development-antares-xerxes-membrane (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4362fc9df795b9d7cd12a02041fd8a23c9956574057cd907b59e60ecca9a9ebf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189584 Malicious code in solarnebula-browserify-lightyear-nextjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d0114a2c36dc9ade148440482f25df3f599403a605d2438cde49dd242f702b2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dorado-norma-sequelize-hydrogeology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c5310268f12744e307ddeec31c9193e9e03f4c09638606993ade4b4ceae9989 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sync-uglify-js-rest-superagent (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab95b633e6385faa2ae97803caa076c5aa6894ce8f5a472eb6441b96ae2ea32e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...