6484 matches found
EUVD-2025-179602
Malicious code in config-regulus-auth-ophiuchus npm...
EUVD-2025-177148
Malicious code in pipe-virgo-perseus-auth npm...
EUVD-2025-177402
Malicious code in orogeny-quark-archaeoastronomy-auth npm...
EUVD-2025-180227
Malicious code in auth-pm2-xo-google npm...
EUVD-2025-178191
Malicious code in kinetic-jovian-auth-cache npm...
EUVD-2025-177296
Malicious code in pavo-auth-sedna-polaris npm...
EUVD-2025-178083
Malicious code in link-uglify-js-fermiparadox-auth npm...
EUVD-2025-177746
Malicious code in mui-auth-betelgeuse-xo npm...
MAL-2025-187815 Malicious code in lint-staged-lint-staged-auth-terser-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03253bd76fedc24d55504b970d032ee47ad508a341ba8a5531490b0b9ae15ee3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190383 Malicious code in xerxes-auth-jekyll-ionosphere (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51ad4f9df284c5088fa33be03291602f134c74a08bde68bd1d24c3220134e5cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176267
Malicious code in spectron-grunt-auth-europa npm...
Malicious code in elara-auth-enif-prettier (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f6a97085d0f95d38a45aa6b0ea2fad76374accd0dce2a52a48e7dc7b4bd9758 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186691 Malicious code in elara-auth-enif-prettier (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f6a97085d0f95d38a45aa6b0ea2fad76374accd0dce2a52a48e7dc7b4bd9758 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-64517
sudo-rs (Rust implementation of sudo) is affected by CVE-2025-64517. Versions prior to 0.2.10 incorrectly recorded the invoking user’s UID in the authentication timestamp when Defaults targetpw/rootpw are enabled, which could allow a highly-privileged user to run commands as other accounts using ...
CVE-2025-40187 net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()
In the Linux kernel, the following vulnerability has been resolved: net/sctp: fix a null dereference in sctpdisposition sctpsfdo51Dce If newasoc-peer.adaptationind=0 and sctpulpeventmakeauthkey=0 and sctpulpeventmakeauthkey returns 0, then the variable aiev remains zero and the zero will be...
CVE-2025-63666
Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...
CVE-2025-40129 sunrpc: fix null pointer dereference on zero-length checksum
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix null pointer dereference on zero-length checksum In xdrstreamdecodeopaqueauth, zero-length checksum.len causes checksum.data to be set to NULL. This triggers a NPD when accessing checksum.data in gsskrb5verifymicv2...
EUVD-2025-113634
Malicious code in figures-perseus-auth-aquarius npm...
Malicious code in passport-auth-mongoose-phoebe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7d85f744ac10f023e729b0938e368ce262176e72333839512dcd5f6d5f7e510 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-116378
Malicious code in auth-middleware-phoebe-bootstrap npm...