444 matches found
Malicious code in iwan-mieaceh73-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77da58ae2825792cdabda8f6df19ee8b8513f5bb961782f7cbd140f8831bc266 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-81618 Malicious code in testy_skink_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b83c1a83cb082ce75a0318c8604d1926763bea690fc9a2d66954b629201abce2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-73120 Malicious code in gita-botok30-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9513b2f169a398510e84a9e60881ab902a33934d60e2f5dde2ddb414e22b695 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-71861 Malicious code in ade-tahu94-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a40e151f77cfc18e70cf9abe2ba767acde014cc54e3af73ee977c68e4a807afc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-55509
Malicious code in changing-fuchsia-iguana npm...
EUVD-2025-55510
Malicious code in changing-bronze-limpet npm...
EUVD-2025-55508
Malicious code in changing-moccasin-smelt npm...
EUVD-2025-55506
Malicious code in changing-white-horse npm...
EUVD-2025-55507
Malicious code in changing-violet-crawdad npm...
MAL-2025-70615 Malicious code in significant-tomato-swan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 397dfef6807f0949c57e8e8d4495fbdc768bdee20950baa7f1b58225c7b64363 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-70590 Malicious code in shiny-lime-cat (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8de4bcf13bacab09b2e2283166b8da951d953837d83850565c04a2f4a2ab15e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-67143 Malicious code in changing-white-horse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9db5370b8b830bc4326e932b1c7c63dfeb5d95b32d6baea514fd02489291a87c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vera-tahu77-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4872c7a3ad39dbe5972a54a4f34b18494f5f7220b844fd9dca75021e4798a0a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-63441 Malicious code in ida-sroto43-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5179768d0a41bf74ec4f9a5ca7f199bd52df20354bcbe3e34b230d7947c6e2a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-65635 Malicious code in tomi-lutis19-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d73e52cd9a8f07d37e450b1fcfa637fb0e80c6fcd83dae47a0a0e0db8b2cd8a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-66240 Malicious code in xeric_earwig_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b810b86529c534377a5d8c80447141c9391d24d7a6057de517cdf5bd9dbc5947 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-55467 Malicious code in budi-sate92-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f438d8aaf06d4d0c9b1ecc299623382b7b057346e7c682da6c2b13d490663b95 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-54679 Malicious code in rina-getuk21-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a5f03b63c9f27b366e65ad5a44374e1f39725954a1b1443bfbc840a93caa808 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-62797 CSRF in FluxCP account endpoints allows account takeover / state-changing actions
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...
CVE-2025-62797 CSRF in FluxCP account endpoints allows account takeover / state-changing actions
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...