MAL-2025-142394 Malicious code in express-venus-sails-phoebe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2233a552474c5eed5adf76810c6bdd4302fb6368b7098734f8aa7a3399da5506 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-145949 Malicious code in parcel-auriga-express-metalsmith (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97e704fcb48a26e6e92d57e74702f29a59010b27f3610b7b864318db8bc6ccf7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142379 Malicious code in express-ini-soap-local (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49eae2ca0c7684bc542e8a3126f14f9e1a4ab907103a7c6013ca9cd73841ec41 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-146386 Malicious code in postcss-deimos-express-fusion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01a01bdc174dfd05d600759d6d9aab8707546cd8172951c7e942208348b2d8dd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142380 Malicious code in express-janus-auth-publish (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6af4e08ee61507d2dfea640b983f7ea3e33015cfc6e4b78590648dd42816e764 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-141484 Malicious code in dagda-resolvers-express-foundation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02a92d36a069c5febb5db84af1665e4412342f0c0fd6ffc310f5b08d0b7e1753 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142392 Malicious code in express-titan-andromeda-shelljs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3db56ca2e1f597d46076e860c53c02a5d847424aeba44464086eb792744037e6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142366 Malicious code in express-ariel-antares-loglevel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0274a45306399efeb99751314c5ad798fca3103e6af6cba51a2b547aa320a99 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142375 Malicious code in express-eris-jabbah-eslint-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f68261a9da999cc9d67533680cbe96564c0b0a0adf9718cc791d010c9f8d58f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-147341 Malicious code in rest-centauri-remark-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b573d9617518f401b9dcd80de8a1e012c0834c265b4e9e7a20411833b2661a8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990881)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990881 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Add workaround for Errata i2037 AM65x SR 1.0 Errata i2037 in AM65x/DRA80xM...
Remote Code Execution (RCE)
cn.hutool, hutool-extra is vulnerable to remote code execution (RCE). The vulnerability is due to improper expression handling in the QLExpressEngine class, which allows an attacker to execute arbitrary expressions leading to arbitrary method invocation and potential remote code execution...
kernel: bonding: check xdp prog when set bond mode
In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning1: ip netns add ns1 ip netns exec ns1 ip link add bond0 type bond mode balance-rr ip netns exec ns1 ip link set dev bond0 xdp obj afxdpkern.o se...
EUVD-2025-50838
Malicious code in swagger-express-evaluator npm...
Malicious Package
Overview swagger-express-evaluator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in swagger-express-evaluator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b56a0de351341937c692d88411f2d8b6c638192e34d63cef6c3815aa379d278 The package swagger-express-evaluator was found to contain malicious code. Source: ghsa-malware...
MAL-2025-66549 Malicious code in swagger-express-evaluator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b56a0de351341937c692d88411f2d8b6c638192e34d63cef6c3815aa379d278 The package swagger-express-evaluator was found to contain malicious code. Source: ghsa-malware...
PT-2025-49091
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0 Description The Linux kernel contains a flaw within the nvme-fc subsystem. Specifically, the issue arises from improper handling of work queues during the deletion of an NVMe-FC controller association. The...
Cisco Unified Contact Center Express Path Traversal Vulnerability
Cisco Unified Contact Center Express (Unified CCX) is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A path traversal vulnerability exists in...
Cisco Unified Contact Center Express Code Issue Vulnerability
Cisco Unified Contact Center Express (Unified CCX) is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A security vulnerability exists in Cisco...