
221 matches found

OSV
added 2025/11/10 5:18 a.m. · 1 views

MAL-2025-54100 Malicious code in patria-buburayam48-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 248b141069374da97f74f8b94f0a6ff9f5361ce8c1fc67a85e032cc39455fca6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits 0
OSSF Malicious Packages
added 2025/11/10 4:40 a.m. · 2 views

Malicious code in jaja-botok97-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a1606cd3a6e2b6503bd9962266f3ed516f5063b6e37f6383806f8c8d87f805a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits 0
OSSF Malicious Packages
added 2025/11/10 4:40 a.m. · 2 views

Malicious code in kurnia-mendoan37-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26eccfa8dbbfd236e17ef193a2ffd7d65de515df3eda87e9df6038fc9bd65cf1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits 0
OSSF Malicious Packages
added 2025/11/10 4:40 a.m. · 2 views

Malicious code in kurniawan-oblok34-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86f764b2fe4bf58c80a46f312cc3cea9818bedaab2d5c8a22b1c283e879be20e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits 0
OSSF Malicious Packages
added 2025/11/10 4:5 a.m. · 2 views

Malicious code in gilang-lodeh84-apidev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a6737ac395e94b95bd15996f032ba2163efc5688fa3592fc3181de2fd43b30b The package gilang-lodeh84-apidev was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...

6.9 AI score
Exploits 0
OSV
added 2025/11/10 4:5 a.m. · 1 views

MAL-2025-52381 Malicious code in tania-lapis72-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a945888680671299044371c3a6362901102dbd2a13cc3161f54df007b4828ca The package tania-lapis72-sukiwir was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...

6.9 AI score
Exploits 0
OSV
added 2025/11/10 4:5 a.m. · 0 views

MAL-2025-50912 Malicious code in bambang-papeda42-cloud9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 963bc32c45aef12a38a9b965e8ed3f5a54071895aa5864507b2cc609f7a194a3 The package bambang-papeda42-cloud9 was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...

6.9 AI score
Exploits 0
RedhatCVE
added 2025/10/10 4:20 p.m. · 6 views

CVE-2025-59968

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that shou...

8.6 CVSS · 6.9 AI score · 0.00277 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/09 6:30 p.m. · 4 views

EUVD-2025-33388

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that...

8.6 CVSS · 6.4 AI score · 0.00277 EPSS
Exploits 0 · References 3
NVD
added 2025/10/09 4:15 p.m. · 6 views

CVE-2025-59968

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that...

8.6 CVSS · 0.00277 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/10/09 12:0 a.m. · 4 views

PT-2025-41407

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos Space Security Director versions prior to 24.1R3 Patch V4 Description: A missing authorization issue exists in Juniper Networks Junos Space Security Director. An unauthenticated network-based attacker can read or modify...

8.6 CVSS · 6.5 AI score · 0.00277 EPSS
Exploits 0 · References 6
RedHat Linux
added 2025/07/01 10:5 p.m. · 7 views

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

7.5 CVSS · 6.6 AI score · 0.01109 EPSS
Exploits 7 · References 10
RedHat Linux
added 2025/07/01 9:50 p.m. · 5 views

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

7.5 CVSS · 6.6 AI score · 0.01109 EPSS
Exploits 7 · References 10
RedHat Linux
added 2025/07/01 8:6 p.m. · 6 views

cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters...

5.3 CVSS · 7.1 AI score · 0.00607 EPSS
Exploits 1 · References 11
RedHat Linux
added 2025/06/30 1:43 p.m. · 2 views

cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters...

5.3 CVSS · 7.1 AI score · 0.00607 EPSS
Exploits 1 · References 11
OSV
added 2024/03/13 4:15 p.m. · 2 views

CVE-2024-0828

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers...

6.3 CVSS · 5.8 AI score
Exploits 0 · References 2
OSV
added 2022/08/23 4:15 p.m. · 3 views

AZL-10652 CVE-2021-20316 affecting package samba 4.12.5-7

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share...

6.8 CVSS · 6.7 AI score · 0.00733 EPSS
Exploits 0 · References 1
RedHat Linux
added 2022/05/10 2:30 p.m. · 6 views

samba: Symlink race error can allow metadata read and modify outside of the exported share

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share...

6.8 CVSS · 6.7 AI score · 0.00733 EPSS
Exploits 0 · References 5
Positive Technologies
added 2022/01/28 12:0 a.m. · 3 views

PT-2022-15997 · Openstack +3 · Openstack-Barbican +3

Name of the Vulnerable Software and Affected Versions: openstack-barbican affected versions not specified Description: An authorization flaw was found in the default policy rules for the secret metadata API, allowing any authenticated user to add, modify, or delete metadata from any secret...

9.8 CVSS · 6.8 AI score · 0.57991 EPSS
Exploits 9 · References 61
OSV
added 2021/08/09 6:15 p.m. · 2 views

AZL-7214 CVE-2021-32815 affecting package exiv2 for versions less than 0.27.5-1

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denia...

5.5 CVSS · 6.7 AI score · 0.01104 EPSS
Exploits 0 · References 1