64676 matches found
EUVD-2026-37856
Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.editfolder.php, the folder update action 'a=update' updates folder metadata title, description, public/gallery flags without calling cotcheckxg ...
Malicious code in soap-odin-config-sails (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c5fb11eb83b83b17a16cb7ae6c6f075d0c88452e612dcd5a1b07ea5cc8eab15 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in helmet-terser-isostasy-nova (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6d590435965fd0d4709f2a296b53d67c019e8b303be67e195da8cf4cba2cfc9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in pi-compress-grid-class-fast (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13a6d671c689d2c3dfcd0d0dbaee3226495d7038edcc575e8554523c622d82ab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in zeta-beta-secure-secure-load (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d93a5c435de2671bef333672da04229cac813381b0a6af0485bceb971f387c84 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tool-tailwindcss-cosmology-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 024cbd055f4aa386cbd24118ce725f651db3fc425f37acf6453c7e535d8d1d1a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in astrometry-postcss-loader-mineralogy-uninstall (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca444498c36427713db81e6375390896a4f50a84c54ef6a52a73cad76ca35971 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in table-old-sun-await-decode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fff252c7519516e755af569d60b67bb3cbe754fc47400f464b2f0a3628ac9d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sagitta-shelljs-halley-grunt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c27d14c78f0650cc9e36a6a09704b5376e65f49f575b3bcc650e67f28f0dbb37 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in janus-robotics-optimize-css-assets-webpack-plugin-jovian (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0793378417a72050f4ae70f826a2da21befcf17f43ea0e8d0157e0268e5eedfe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nova-quantum-protractor-commitlint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42b35d5356afc081638f9e5562655901df31ef1d90eb6c13779454805d9ab8f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rocket-fomalhaut-sirius-kronos (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 344f2bc058eebc6954eb5e9126619426a4e49a9670f2df757ea7590314e6af3f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fork-crust-filament-kardashevscale (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eacd2de681ec1c3e693bda71b1a50f3636b7bfc63e53f158913c115b5c5e658e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in native-rate-limiter-uninstall-regulus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f38f83b9375b1dbb5616eb88f859c2dc6f2ddb8d31a21fdcdf96be69a301dd89 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in transform-robotics-filament-orbit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65dfde16dd768ac14d658dcc5d9aefd9d6e5e79e6df9a61fe8202c0c895d6480 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in config-ophiuchus-levels-version (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d00e2b33ecfe6efa1b745f3dc70eb10dfaf23b6cf9dd3ef2b8fa29f57ea8fd01 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in grus-prosthetics-stream-prettier-plugin-markdown (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8349dbfa155f2d339ef3fd2ea67bde24011b09acb828ba410014298d1394d52 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in husky-despina-readable-oscillation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5adef6936078e914f40a91db6e76efafdf970222f3620390210150ef16c332cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in procyon-json-dynamo-neutrino (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be2e07823e5cce346b257d22926e479c2d0a207460567f6726c84336674fe59f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in halley-pm2-semantic-ui-commitlint-config-angular (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 207baa0abd8ece63fe60c3b6ed72245a1fbd0ab7acbb419f0f280f5e15470fb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...