28676 matches found
EUVD-2025-112814
Malicious code in hermes-aether-castor-europa npm...
MAL-2025-144447 Malicious code in lint-staged-blaze-concurrently-cordelia (npm)
Source: amazon-inspector c264da9ee153bfc81c5d7023d782b5e52b2e8e8b64216fe7ac06aa6fdb1d3df8. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-112565
Malicious code in impulse-mdx-quantum-nextjs npm...
Malicious code in solis-buffer-vuetify-got (npm)
Source: amazon-inspector d2bc61d79c4df1c3d7fe17bdd02867a909c192bd0655151e889038bc3d9d9ca5. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-141004 Malicious code in concurrently-deimos-scorpius-kaus (npm)
Source: amazon-inspector 417930b3a430052e342e5f69a99cbf6ba77c60440316b9ce057c1d09105f7c73. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-12126
The The Total Book Project plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0 via several functions due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Contributor-level access a...
PT-2025-47053
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.9 through 18.3.5; GitLab CE/EE versions 18.4 through 18.4.3; GitLab CE/EE versions 18.5 through 18.5.1. Description: An authenticated attacker could bypass access control restrictions and view GitLab Pages content intended...
IRAI Automgen security vulnerability
IRAI Automgen is a general-purpose automation software workbench from IRAI France. A security vulnerability exists in IRAI Automgen version 8.0.0.7 and prior versions, which originates from a use-after-free issue in project file handling that could result in a denial of service or remote code...
PT-2025-46725
AUTOMGEN versions up to and including 8.0.0.7 (also referenced as 8.022) contain a vulnerability in which project file handling frees an object and subsequently dereferences the stale pointer when processing certain malformed fields. The dangling-pointer use enables an attacker to influence an...
Malicious code in mute_tern_z3n (npm)
Source: amazon-inspector 9f17f8bae7c44e5dfab5abe30de89768d27051561438bd3a88812feb1add8302. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vina-lumpur34-sluey (npm)
Source: amazon-inspector 730474c4c28f930a6fbc2bc0c46b89c97fab06cc6b59064b5bcd1ca8e8afa722. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dian-nasi88-riris (npm)
Source: amazon-inspector 791c9bde62cc85d0a6ace9023a9651133a90544c26ea8c1d12a6351029402f74. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in oktafian-bika19-riris (npm)
Source: amazon-inspector 8d2d23a762fa109007e9ef4d462af47d510e29d66b77758f1adffcb68e4d8877. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-125539 Malicious code in close_shrew_z3n (npm)
Source: amazon-inspector 6955629d35c426a0fdaee25339af0cbc2577b6bbd068de90a76214ddb0b115f9. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-130606 Malicious code in tomi-bakwan84-riris (npm)
Source: amazon-inspector 6e2b8417b89fade48fa75aa52e71309f391c5f795ba822ee23ba6af43116580f. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-125732 Malicious code in dewanto-lapis36-riris (npm)
Source: amazon-inspector 85fe59f5c87d464da0695a73fde5736b04da88780a4ec67ea4fa0ce335c157c4. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-117016 Malicious code in serious_mollusk_z3n (npm)
Source: amazon-inspector f7b9634360adf6462319daa7f8e34b19df02fdc805bcfde00da78c965dc3cafd. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-113509 Malicious code in eka-botok35-miaww (npm)
Source: amazon-inspector 61b382c17673ae46fe0682cfbe4d1488662df5f0f48d6fbea908468a41ac1eb9. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mutual_armadillo_z3n (npm)
Source: amazon-inspector 0c78b8bc63a44bb336afbf948c6029a83e76e2fea61deba71fce5c4099de9d23. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-110017 Malicious code in unable_seahorse_z3n (npm)
Source: amazon-inspector 3ff2ee6a54b05792944911008f1501a6932731e33588cb4a7cb65ea3315ed2a7. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...