499 matches found
Fourth Frontier Frontier X Mobile Application, Frontier X2
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to read and write arbitrary handle values and change clinical readings, which could result in taking control of the device and lead to patient harm. 2. RECOMMENDED PRACTICES CISA recommends users take...
CVE-2026-5758
JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve remote code execution...
Defending the Power Grid by Segmenting the EV Charging Cyber Infrastructure
This paper examines defending the power grid against load-altering attacks using electric vehicle charging. It proposes to preventively segment the cyber infrastructure that charging station operators CSOs use to communicate with and control their charging stations, thereby limiting the impact of...
CVE-2023-53876
Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable...
CVE-2025-13932
CVE-2025-13932 concerns the SolisCloud API, where an Insecure Direct Object Reference (IDOR) allows any authenticated user to view detailed data of any plant by changing the plant_id in the request. The issue is described consistently across Red Hat, NVD, CVE lists, EUVD, and related advisories, ...
PT-2025-49142
Name of the Vulnerable Software and Affected Versions SolisCloud API affected versions not specified Description The SolisCloud API has a Broken Access Control issue, specifically an Insecure Direct Object Reference IDOR. An authenticated user can access detailed data for any plant by modifying t...
Malicious code in hot-thread-cold-fast-epsilon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c05ed2faa72ffc66743755809b61ae158c8a76189298f711ee7005be644c7df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in centaurus-browserify-run-script-interferometry (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cacc4a64b4d804b1463da01e313d7ac3dffa03dd38c41503807c199960b9afb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in markdown-pdf-auth-neptune-optimize-css-assets-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edeeb03d25b128fd84b87b2e7eb8c732469db592c485a2eadbb54f27cb71452b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in oberon-mdx-hydrogeology-bunyan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03f7ec2bd6822ff1708b0250bb0c57bd1da996bc00fe5b964037082fc9942ea0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in protractor-neptunology-less-grunt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f99a560aedc45e4f26911ef2f432de2beb6f35bacf82bea94cedc3949128db3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in centaurus-biohacking-mongoose-nova (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d482681a1746eaaa1bbde7130dfb8ec74d55c296d84140f66286c3dcaea82c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in abiogenesis-version-magnetosphere-typeorm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 640005ea6e048c4bbda92a3a84442171fc521ad5f6261a7af05c49ac3f88956a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cassini-frontend-umbriel-ophiuchus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 450cd01180dcd763f0e71dace6523bf6463b5283590244bd767ac247a40b3c25 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188753 Malicious code in plutology-meteor-xerxes-readable (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbb5bc61e9eac228156b339e33b38872ab4c63538b4ef99c2269a8dd85462dd6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in publish-xanthus-cypress-redis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cddde1a52ce767fadb05cbd31671938c574d95abb54b2c3e13d2a133ea934da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in update-leda-ora-bootes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e252313c23c3c5509c627db3eebcfc9456566db411c0497086f9794cb39f2fd2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in modasiv-kuvu-bavoiyabu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9f00acd245b0aee4ec3749772ca746248185f263e52968556fcab7089824c0e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sonic-kig-tnadeaxav (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2c2a114c5b200cc356c8e268c640d22ee5c5bd25c7e8eabdc30dc31c5397790 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sonic-kuig-tgacav (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1bcc6949785852eaa9cb9ece8206116a337b83963cad8b8c2c0e1a7dce49b92 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...