1234 matches found
Malicious code in nightmare-envconfig-nestjs-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ce283718877e46946175f033597ea72cdc7ff55bfdf108784806ef510eb5bbf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-149471 Malicious code in wezen-uglify-js-stop-regulus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0cb747f817d3854691f2f4e78d85638306150ffa98f5d294bc280cfc35f51d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in react-bootstrap-publish-concurrently-command (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40ca53b27778645d89b96eb595882242733d814a4cfe82678efc4b8e67b9ab61 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
RHEL 9 : bind9.18 (RHSA-2025:21111)
"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21111 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which...
PT-2025-46723
Name of the Vulnerable Software and Affected Versions DuckDB versions 1.4.0 through 1.4.1 Description DuckDB, a SQL database management system, contains issues related to its block-based encryption implementation introduced in version 1.4.0. The system can fall back to an insecure random number...
Important: bind security update
The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...
MAL-2025-137094 Malicious code in strange_shrew_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e39a01b860b47e216a5717789f8d4cf047a77b091de20e192db5de1a5d4abc2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-130627 Malicious code in tomi-kue43-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f05d3e601e1a685bf3f9f499a8dad0b430efe68a14e32f41996cb30d9a44efc1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-128255 Malicious code in lina-tek63-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab6627c67647d3ec639013526d6a6fd1803e60af68ece71317deeacee3700926 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nina-keripik11-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef4f5700d451e2980bb9fe14afa1f2a1f729c76659dd586edc39aa646ec395e3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lutfi-lapis7-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7513242b0c58e4de206f988fa8a039891e5c75cdeb7f08c258e3cb4c0e958dc3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-91642 Malicious code in utomo-serabi78-kyuki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0061e5719c2cd563bf932fcca7b128784f8e1b660b290407c089a17d7867fed5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mahesa-botok66-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15fc78c705548cc542f7713c0eceeedfd1a3a21af72dcdb74ae0a9b5c3746bbe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ogi-bubur96-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21171646a3a4d2baa42adccb56b158f72ab4fcd366349cbf8396388520fdaa51 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-79090 Malicious code in iwan-mieayam79-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a4dde431838509c96dc300d4bd47254f2d4b10ec7ac6b6e3c4b9001fb4c2684 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
WordPress plugin Hydra Booking — Appointment Scheduling & Booking Calendar 安全特征问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin Hydra...
MAL-2025-59464 Malicious code in wawan-soto84-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0771ad3d65c6ba6fc0caa2fd1700ce27ae0ecde1508bccf76911a3bba1ffc789 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
RHEL 9 : bind9.18 (RHSA-2025:19950)
"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19950 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which...
RockyLinux 8 : bind9.16 (RLSA-2025:19793)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:19793 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 Tenable has extracted the...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not ensuring that setent is always present, which could lead to problems with cryptographic random number...