MAL-2025-163446 Malicious code in nokire-sekiya56 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6636885b62af8607b7af8cbcaab82f74fa16ad66da52b4abffc764143d6e70a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-169499 Malicious code in uaragifa-afaoti-urufuayo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2eb94caa02d906f44003c219f716a9a826bcdd4d59e71b4da5f5a540622f744 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-166101 Malicious code in slamet-poke8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7497b7b4731adf26ab8d4297fdf4727fa5e9b73808ea3319fb904d609f9069 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-12872

The CVE-2025-12872 entry describes aStored Cross‑Site Scripting vulnerability in aEnrich’s a+HRD and a+HCM (Red Hat/other linked advisories confirm these products). The vulnerability arises from stored XSS where an authenticated remote attacker can upload files containing malicious JavaScript cod...

CVE-2025-12872 aEnrich｜eHRD - Stored Cross-Site Scripting

The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...

CVE-2025-12872 aEnrich｜eHRD - Stored Cross-Site Scripting

The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...

EUVD-2025-119988

The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...

Malicious code in parcel-scorpius-mdx-umbriel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bc7a21c4963dc60ce68de9cc69056a821e1b943c03d0a1cda2e6c27e06d667d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vuetify-postcss-loader-mongodb-less (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1901883a12e5906a3aa40a43f8816c93e38fefb894c40b8271a376d5bb6d12d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142969 Malicious code in google-sagitta-nodejs-nightwatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 338abc925116d84e0ecc7c1b0f9dda422e67c5ad6a11245fb5ce6333b89b3a63 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143876 Malicious code in javascript-await-upgrade-venus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14592802e63f3973ef3ffea2ec15e4d1dd4b08a23406db7faf7b24ee39c3e473 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in erwin-kembang9-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58698e0f46c75270506b936d8be9b398e7fbf2c58efe269a6660e09b1408b8f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in exuberant_kite_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db9b99249339763cc2ed12fdfce3c9497ecfac8941ae5022a9666a61f5d12258 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mulyono-brongkos65-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45c2d7354ad0cb613be0dc3cab77d9cdfa32ccf381794e6eba832f3b0ae35b0d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in patria-tahutek7-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e7ceec550527ba9eaa6bbee77c363f6c8ef1a1db536d67545a84bc8f3c62c1e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in depressed_ferret_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 131183831aeb5e3a3f256422bc62f2f8ed8a54c53200aad63b982020b643335a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tasteless_angelfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be31574613e913782f9b5fa36aea26dd8990ac986f2cfbb5517f9f8bcb4ef3a8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-84347

A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This vulnerability can result in the execution of malicious JavaScript, allowing for account takeover, credential theft, or redirection to a malicious website...

MAL-2025-113942 Malicious code in fauzi-nasiuduk80-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43e4f273905accb16df06ec3343bf0fb251ab9c4f9f34c432c5c87b25d895796 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-11085

A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This vulnerability can result in the execution of malicious JavaScript, allowing for account takeover, credential theft, or redirection to a malicious website...