687 matches found
CVE-2026-2205
A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...
EUVD-2026-5824
A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...
WeKan 访问控制错误漏洞
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a security vulnerability related to access control. This vulnerability stemmed from improper handling of the file server/publications/cards.js component in Meteor Publication Handler, which...
PT-2026-6944
Name of the Vulnerable Software and Affected Versions Wekan versions up to 8.20 Description A flaw exists in Wekan that could allow information disclosure. This issue impacts an unspecified part of the server/publications/cards.js file within the Meteor Publication Handler component. The attack c...
CVE-2022-35246
A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat...
Malicious code in meteor-developer-oauth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 150affd8ab309ef6631d484dbd5f086a709aaf97cae168d6a0a8a966327c32f4 The package meteor-developer-oauth was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-202364
Malicious code in meteor-developer-oauth npm...
Malicious Package
Overview meteor-developer-oauth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
MAL-2025-192412 Malicious code in meteor-developer-oauth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 150affd8ab309ef6631d484dbd5f086a709aaf97cae168d6a0a8a966327c32f4 The package meteor-developer-oauth was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191101 Malicious code in generator-meteor-stock (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 678199611d26a80c99b9cad377ac570dda69e8bc8ed1114a1178d98c2c611973 The package generator-meteor-stock was found to contain malicious code. Source: ghsa-malware...
Malicious code in generator-meteor-stock (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 678199611d26a80c99b9cad377ac570dda69e8bc8ed1114a1178d98c2c611973 The package generator-meteor-stock was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199206
Malicious code in generator-meteor-stock npm...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
MAL-2025-190078 Malicious code in update-meteor-jupiter-kaus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a6356d84e2bdfa2e9952503f7bfa22d9940fbccd3d5d7e5296766420d0ce81b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-175813
Malicious code in unuk-cryonics-gravitationalwave-meteor npm...
Malicious code in alphard-dynamo-antares-meteor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 548e58df085b49fb6b9511df3b11a9697aff3fa1dfec19601ea92bc5f247f34a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in baryon-helmet-apollo-meteor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e509619c8cda9fd9f1db9cb20bb317bddf00e771bcc44d0c746b082e3da2e4b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eslint-loop-meteor-jasmine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74c329a482c68f847b5078bc7c6cd99a0df89ac2ee483147aa5ed8810a29dc2c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ganymede-meteor-equinox-iota (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf6caf727d2ca931162dc42199e8135f7c9bc25580dc02019ae90f6876bc9655 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ganymede-volcanology-meteor-andromeda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 439f5aeded04421261b5e44959256e95a019859e49ea507d43c2521ec92cdfb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...