MAL-2025-103692 Malicious code in hendra-rangi53-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 461d5714423c7ee8e3e4282c354cb498b389df98276d8059b2150275bc04cf6d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-97382 Malicious code in willowy_marten_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83febdaf6bf7c2b024cd588a1ab5a47e19a2b05c3e261574d98eee2d168e72bf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-95069 Malicious code in intelligent_puffin_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d5024eec4c81ec031d40647f8838cc601e17cf0057cd0f0c8fae5068427beb8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-74300 Malicious code in mahesa-oblok18-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f972700934330fbcaaeb8ba223e4e99353e8947c3953abd107e5297953413b61 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in massive-salmon-baboon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3246680bbd074dc58285a221f35e5d20727fd2ba14b9f06103a2ed14592e824b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-66015 Malicious code in vina-rawon69-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf68db031223ab7bd9b45177d2a58855fad6dff0a92bc8d0421b620dc4ce115a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-12865

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

EUVD-2025-38732

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2025-12864 e-Excellence｜U-Office Force - SQL Injection

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

EUVD-2025-38733

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2022-50590

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...

CVE-2023-7322

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check coul...

CVE-2025-59461 API does not require authentication

A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services...

CVE-2025-53055

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVE-2025-53058

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite component: Application Logging Interfaces. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

CVE-2025-53065

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVE-2025-53060

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

CVE-2025-53055

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVE-2025-53034

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Platform. Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with...

EUVD-2025-35282

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Workflow Notification Mailer. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow...