Malicious code in oktafian-menjes29-ruro (npm)
Source: amazon-inspector e528adff89ce0d50fb5eb22793ce5260aa47482543c3c48a097537101632aff7. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in citra-gorengan41-ruro (npm)
Source: amazon-inspector 09c2368c422173114df33aa3f4c6b5895229011fca5c7706af453640e56dd6ad. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-97283 Malicious code in vivid_bird_z3n (npm)
Source: amazon-inspector 85b24778e683965e250eb68f37a739fe7a118d90df7861b2f1ae908653b8cb00. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in joni-otak-otak97-breki (npm)
Source: amazon-inspector 5186dd8c2dda512fdc9d6e59b543ce84fcd34f6f15d40f3419d55a4f4d306c62. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in citra-tahutek88-breki (npm)
Source: amazon-inspector 9824d6e0d6529777f867a9075befb93d71f0b43ddbec4cbc2e5222c4873388b7. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in strategic_flyingfish_z3n (npm)
Source: amazon-inspector a593b3fcacc31dc2503c2db4ecd67917ea5f71350902fad28f225f1eb5533d0b. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gita-asinan11-sukiwir (npm)
Source: amazon-inspector 9bba5166dd2777510eced389b179a3acf445cd0f9633a5b4e4a0b2e0eda3eb5c. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
curl: Arbitrary Configuration File Inclusion: via External Control of File Name or Path
Summary: An Arbitrary Configuration File Inclusion (ACFI) vulnerability was identified in the curl utility via the --config option. This flaw is a form of External Control of File Name or Path (CWE-73), occurring because the user-supplied configuration file path is not adequately validated. An...
CVE-2025-64319
Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files. This issue affects Mulesoft Anypoint Code Builder: before 1.12.1...
CVE-2025-64322
Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files. This issue affects Agentforce Vibes Extension: before 3.3.0...
CVE-2025-64318
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files. This issue affects Mulesoft Anypoint Code Builder: before 1.12.1...
CVE-2025-54863
Radiometrics VizAir is affected by a vulnerability where the system’s REST API key is exposed via a publicly accessible configuration file. Public access could let an attacker remotely alter weather data and configurations, automate attacks across multiple instances, and exfiltrate sensitive mete...
Salesforce Agentforce Vibes Extension security vulnerability
Salesforce Agentforce Vibes Extension is an AI coding-agent extension from Salesforce (USA). A security vulnerability exists in Salesforce Agentforce Vibes Extension versions prior to 3.2.0 that stems from improper neutralization of LLM prompt inputs, which could lead to manipulation of writable...
PT-2025-45031
Name of the Vulnerable Software and Affected Versions Salesforce Mulesoft Anypoint Code Builder versions prior to 1.11.6 Description An issue exists in Salesforce Mulesoft Anypoint Code Builder related to improper neutralization of input used for LLM prompting, which allows manipulation of writab...
PT-2025-45034
Name of the Vulnerable Software and Affected Versions Salesforce Agentforce Vibes Extension versions prior to 3.2.0 Description An issue exists in Salesforce Agentforce Vibes Extension related to improper neutralization of input used for LLM prompting, potentially allowing manipulation of writabl...
ELog security vulnerability
ELog is an electronic logging software with a web interface by the individual developer Stefan Ritt. ELog suffers from a security vulnerability that stems from the ability of an authenticated user to modify or overwrite configuration files, potentially leading to a denial of service. If execution...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the openEditor function, where the EDITOR environment variable and the configuration file path are passed unsanitized to a shell command. An attacker can execute arbitrary system commands by manipulating the EDITOR...
CVE-2025-64144
Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...
CVE-2025-64146
Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...