762 matches found
MAL-2025-141924 Malicious code in electron-orbit-eris-sagitta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31d6232b592be2cc1a0994076a160047d12756e8ff87bd53613432dc6ecf7e06 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-144961 Malicious code in middleware-mongodb-leda-barnard (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ac868d322cce021ae4cda8e245af3f8fa418596dc7f29ba457f1caaf7666878 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
PT-2025-46700
Name of the Vulnerable Software and Affected Versions Tuleap Community Edition versions prior to 16.13.99.1761813675 Tuleap Enterprise Edition versions prior to 16.13-5 and 16.12-8 Description Tuleap lacks cross-site request forgery CSRF protection in the management of Subversion SVN commit rules...
MAL-2025-133060 Malicious code in eko-sambel36-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eafa5e39c232c2f3c3306d88e6cf29b95ade187636341fea0c1765622fda417d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-108622 Malicious code in sheer_stingray_dumbs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc61bcd567e345d59f6b80dc5c07a6169f405f9e4a863071a4a9f6ef78855a75 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-76240 Malicious code in wibowo-jamblang59-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 264c13d6e585c90e24549df58b490fcf5e30e2267212c581fa7d20ebc1ab7bea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in opposite-lime-cheetah (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52ff88ebe00d3b5760aef3f55b9e96a7d2b1bafd325e83a41d9255bfe3a2fe98 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-68861 Malicious code in independent-silver-turtle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5146524a5491b8f8b5b0d7c09096983c8cad001e274ccbbf4cd31e4e6fa070d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in indah-gandul60-tititugel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91960244a64a969678bf971b6d75a746d55d64610757e645168a1590a75a7cdb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-54050 Malicious code in oktafian-lengko81-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9757902d93182d2b290bf167b743b9042f651fd3425ffc950e3f1b9c69255422 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
containerd CRI server: Host memory exhaustion through Attach goroutine leak
Impact A bug was found in containerd's CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. Repetitive calls of CRI Attach e.g., kubectl attach could increase the memory usage of containerd. Patches This bug has been fixed in the following containerd...
PT-2025-45119
Name of the Vulnerable Software and Affected Versions Django versions prior to 5.1.14, prior to 4.2.26, and prior to 5.2.8 Description Django is susceptible to a SQL injection issue due to improper handling of dictionary expansion when using the QuerySet.filter, QuerySet.exclude, and QuerySet.get...
CVE-2025-43389
CVE-2025-43389 is a privacy issue affecting Apple platforms. The vulnerability was addressed by removing the vulnerable code, with fixes shipped in macOS Tahoe 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, visionOS 26.1, iOS 26.1 and iPadOS 26.1, and iOS 18.7.2 and iPadOS 18.7.2. Affected comp...
CVE-2025-52663
A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API. Affected Products:...
CVE-2025-52663
A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API. Affected Products:...
PT-2025-44063
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3 GA through update 35 Liferay Portal versions 7.4.0 through 7.4.3.107 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay Portal versions 7.4 GA through update 92 Description A Cross-Site Request Forgery CSRF...
131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign
Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to...
EUVD-2018-18340
Malware in sbrugna...
EUVD-2021-1978
Malware in sbrugna...
EUVD-2021-1668
Malware in sbrugna...