100136 matches found
CVE-2025-66398
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restor...
EUVD-2025-206140
Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution RCE...
CVE-2025-66398 Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restor...
Exploit for Deserialization of Untrusted Data in Facebook React
🛡️ GitHub Vulnerability Scanner for CVE-2025-55182 React/Next...
Malicious code in yaml-phoenix-sequelize-redshift (npm)
Source: amazon-inspector befdc31dfbf21824f96fd7dfd16ca443ed7f64f6ae4ef4f86e1d0dd0c1c6c5fc. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in capella-tethys-lynx-antimatter (npm)
Source: amazon-inspector b3bd723d35218da7f1893c877e9a4ed4feb0ca1f191e3971ab7cc91e3f7fe418. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tool-tailwindcss-cosmology-native (npm)
Source: amazon-inspector 024cbd055f4aa386cbd24118ce725f651db3fc425f37acf6453c7e535d8d1d1a. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sagitta-shelljs-halley-grunt (npm)
Source: amazon-inspector c27d14c78f0650cc9e36a6a09704b5376e65f49f575b3bcc650e67f28f0dbb37. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in omega-string-view-double-warn (npm)
Source: amazon-inspector da844f5894c542a0d1cf7cd454e4368a4f85e5c9fcf2b60c0a06e16e1a40fa0b. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in callback-xanthus-astrochemistry-quantum-computing (npm)
Source: amazon-inspector 2e74905ae15aeed1f45edc675826a313007486a970d1f7ff6229b2fcc6ec21d4. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in webdriverio-vuetify-antares-wezen (npm)
Source: amazon-inspector ec458e52a9b2de78104cd2be4d4519b5b8c449a2cbcc9ea5ba651143ee5dc1e4. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cat-meta-stack-minify-try (npm)
Source: amazon-inspector 80dec973455eae025b75ae4a2fb66d3f693521c903c9ca3af246808867e0af65. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in commitlint-slides-octans-resolvers (npm)
Source: amazon-inspector 428a2525ab3ebc8ba2aeeb9ab46f2510a73a7eaff42b15ac0ac0ff63a719d922. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in native-rate-limiter-uninstall-regulus (npm)
Source: amazon-inspector f38f83b9375b1dbb5616eb88f859c2dc6f2ddb8d31a21fdcdf96be69a301dd89. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hydra-markdown-pdf-resolvers-postcss (npm)
Source: amazon-inspector b3b797c75fdfd25ea211ed69e79105dbfa687f29b61dee7b5781593c49413254. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in warn-array-container-grid-stub (npm)
Source: amazon-inspector 1fc1c40e8556a40bb1303463fa81490f6a1cd507d53c7b15d0ccee323cc63deb. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in star-private-minify-bad-compress (npm)
Source: amazon-inspector 2c073ea8c71ff7c1c682370bd5c071b312cff6ebdf04d0b7966fe8d9f0e529a9. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in avior-backend-technocracy-indus (npm)
Source: amazon-inspector 4e4660f214d4b00c4b4abd3af9e79316c7f7c5a06984a4a7e9b4fde2a60140b8. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in import-log-monitor-rho-function (npm)
Source: amazon-inspector 7e0aa8e668ba36d4d41ca2d43ee6c401b9c982a3750a080700e0fadd64b7ec5f. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...