CVE-2026-28201
Improper input validation, together with an overly permissive default CORS configuration, in Open Notebook v1.8.1 allows a remote attacker to trick a legitimate user into altering or deleting arbitrary database entries via a specially crafted malicious URL. Depending on the deployment, data exfiltration i...
Fourth Frontier Frontier X Mobile Application, Frontier X2
ADVISORY SUMMARY: Successful exploitation of this vulnerability could allow an attacker to read and write arbitrary handle values and change clinical readings, which could result in taking control of the device and lead to patient harm. 2. RECOMMENDED PRACTICES: CISA recommends users take...
CVE-2026-5758
JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve remote code execution...
Defending the Power Grid by Segmenting the EV Charging Cyber Infrastructure
This paper examines defending the power grid against load-altering attacks using electric vehicle charging. It proposes to preventively segment the cyber infrastructure that charging station operators (CSOs) use to communicate with and control their charging stations, thereby limiting the impact of...
CVE-2023-53876
Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable...
CVE-2025-13932
CVE-2025-13932 concerns the SolisCloud API, where an Insecure Direct Object Reference (IDOR) allows any authenticated user to view detailed data of any plant by changing the plant_id in the request. The issue is described consistently across Red Hat, NVD, CVE lists, EUVD, and related advisories, ...
PT-2025-49142
Name of the Vulnerable Software and Affected Versions: SolisCloud API (affected versions not specified). Description: The SolisCloud API has a Broken Access Control issue, specifically an Insecure Direct Object Reference (IDOR). An authenticated user can access detailed data for any plant by modifying t...
Malicious code in publish-xanthus-cypress-redis (npm)
Source: amazon-inspector 3cddde1a52ce767fadb05cbd31671938c574d95abb54b2c3e13d2a133ea934da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in markdown-pdf-auth-neptune-optimize-css-assets-webpack-plugin (npm)
Source: amazon-inspector edeeb03d25b128fd84b87b2e7eb8c732469db592c485a2eadbb54f27cb71452b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in centaurus-browserify-run-script-interferometry (npm)
Source: amazon-inspector cacc4a64b4d804b1463da01e313d7ac3dffa03dd38c41503807c199960b9afb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in abiogenesis-version-magnetosphere-typeorm (npm)
Source: amazon-inspector 640005ea6e048c4bbda92a3a84442171fc521ad5f6261a7af05c49ac3f88956a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hot-thread-cold-fast-epsilon (npm)
Source: amazon-inspector 8c05ed2faa72ffc66743755809b61ae158c8a76189298f711ee7005be644c7df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in update-leda-ora-bootes (npm)
Source: amazon-inspector e252313c23c3c5509c627db3eebcfc9456566db411c0497086f9794cb39f2fd2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cassini-frontend-umbriel-ophiuchus (npm)
Source: amazon-inspector 450cd01180dcd763f0e71dace6523bf6463b5283590244bd767ac247a40b3c25 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in centaurus-biohacking-mongoose-nova (npm)
Source: amazon-inspector 7d482681a1746eaaa1bbde7130dfb8ec74d55c296d84140f66286c3dcaea82c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in oberon-mdx-hydrogeology-bunyan (npm)
Source: amazon-inspector 03f7ec2bd6822ff1708b0250bb0c57bd1da996bc00fe5b964037082fc9942ea0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in protractor-neptunology-less-grunt (npm)
Source: amazon-inspector 6f99a560aedc45e4f26911ef2f432de2beb6f35bacf82bea94cedc3949128db3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188753 Malicious code in plutology-meteor-xerxes-readable (npm)
Source: amazon-inspector bbb5bc61e9eac228156b339e33b38872ab4c63538b4ef99c2269a8dd85462dd6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sonec-kat-fgfav (npm)
Source: amazon-inspector a832ed9f5989ac9ebf09a92688ff51f717a666b43aa7259c907396ddb6b5ff53 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in modasiv-kuvu-bavoiyabu (npm)
Source: amazon-inspector d9f00acd245b0aee4ec3749772ca746248185f263e52968556fcab7089824c0e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...