Malicious code in double-uglify-long-static-cron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86cbddf969fda2c0a80a2252a875d61720e0aa7aa2b2a5725fd102e01d1f0c6c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185859 Malicious code in blitz-materialize-link-lint-staged (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cd6558b44eec2954b20bb99ebb1a7e8e455149631179d6949c5569bd11e1822 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185922 Malicious code in buffer-mocha-astrophysics-technosignature (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c19bdb6e5591367013f268343f1513dad33fc681f85b2aef30be47ec269cb5a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-60675

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /tmp/newqos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated...

CVE-2025-60675

CVE-2025-60675 affects D-Link DIR-823G router (firmware DIR823G_V1.0.2B05_20181207.bin). The vulnerability is in the timelycheck and sysconf binaries that parse /tmp/new_qos.rule; fields are concatenated into command strings and executed via system() without sanitization. An attacker with write a...

CVE-2025-60675

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /tmp/newqos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated...

Malicious code in mahnu-oy-giossisi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8da78aea58ec22d8ef0e2a79c63c6b333f98c79c5588c3d378f8ea4dcaaa0a3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-183307 Malicious code in ksut-agg-ibifua (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 771ba25adc0d410d27fc9f1fc406646e5a7b862637f2aa53d3c319617d310b47 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-183206 Malicious code in kisut-dfg-diwfzcfecdavgcab (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe2f0339a81ec818e29743546170ff2d8688a53ed7edfb06ea9d65fb3bb0fd4b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in manu-oyi-gioafisoi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e948acc55ead6175abd00658e2d85ccc65c79f1940193cbcb0069b08771f731e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2022-4983

TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode11.ocx ActiveX/OCX control's licensing handling INI-file based that can be abused to cause remote creation of files on the host filesystem. Depending on where files can be created and which filenames are allowed, this can allow...

Malicious code in teate-thy-sonic-ruwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e399e0545c0d5f006d489ae19ef731633582db1198002ef614f653926b927b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in goodan-ngasa-na (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31ebfe7bbe4bc80b10be1af5c325f416efdd7043f5538c249977b217ea0970b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sgoodaini-sanuga-nutabagaa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8976c56f18735fcf2fe4398255c84b4b5aedf6af75ea9028cf6260ed81f9cb58 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nokire-tanjiro30 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cac06d8612ca64fbec5f7cc01f0264b1b132694fcb6c894a5b2628e9475789f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-175751 Malicious code in kupaio-kulaa-jokiomalo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a3bf298148c1a306a7a5d139e174e22a394b278a6750e3d12ec9eb6cc88a721 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in diva-banifobfo-imfaibai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25b38d7569221c27a3a3440c8116e442a2adda3a2f66d61d723776c1d37030eb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in miftah-miftah15 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b29026f76a5dbd0897dc49c881194ea8ee2fdb4222613ba76bd871bc19924693 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-177645 Malicious code in polymer-afaj-rofsfafa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b48a4de9ac554d65d0063c6f77da4a9e4067cbfc3cf0b8df78738661496c948 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-177712 Malicious code in polymer-afifa-fasga (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6bbc1b37d17f458fb0eb5b95665f0b570b653c5667ef09a0fd4937e6b37d620 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...