MAL-2025-147998 Malicious code in slides-venus-auth-cygnus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e2ca4bfc7c92d49903d81da05832a002a81757952406777c5fc4d4ea8eb30ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139723 Malicious code in auth-install-express-prompts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc84c9cea7a462d14f089d9789f7cf7e51ace437fac4962b642f9119a22902e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-115650

Malicious code in cassini-auth-phoebe-venus npm...

Malicious code in draco-auth-resolvers-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e01a1e333d58856b3ce23766018ec3198d0aa4fc6404f150f0c457c256b1d104 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-113949

Malicious code in eris-auth-fusion-nodemon npm...

EUVD-2025-121257

Malicious code in titan-auth-websockets-algol npm...

EUVD-2025-123721

Malicious code in phoenix-lint-staged-auth-aldebaran npm...

EUVD-2025-116710

Malicious code in antares-auth-thuban-semantic-release npm...

EUVD-2025-116441

Malicious code in atlas-terser-webpack-plugin-auth-rocket npm...

MAL-2025-145527 Malicious code in node-sass-auth-ursa-husky (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d1d32c1b5d407a6418140a9935485f4f0908661c8b028023df0857f9c764648 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147195 Malicious code in relay-auth-cassini-winston (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bf7a75cf1af94a450e995779c3a4f00f61ffd14df9177e7fd4aea774699e5e3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-42940

SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This may result in memory corruption followed by an application crash, hence leading to a high impact on availability. There is no impact on confidentiality...

EulerOS 2.0 SP12 : cups (EulerOS-SA-2025-2319)

According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthTyp...

CVE-2025-63666

CVE-2025-63666 affects Tenda AC15 v15.03.05.18_multi. The flaw is that an authentication cookie exposes the account password hash to the client and uses a short, low-entropy session identifier. An attacker with network access or the ability to run JavaScript in a victim’s browser can steal the co...

EUVD-2025-60927

The Crypto plugin for WordPress is vulnerable to Information exposure in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action wpajaxnoprivcryptoconnectajaxprocess that allows calling the register and savenft methods with only a...

CVE-2025-52662

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools...

GHSA-XMQ3-Q5PM-RP26 Nuxt DevTools vulnerable to cross-site scripting (XSS)

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade...

Nuxt DevTools vulnerable to cross-site scripting (XSS)

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade...

CVE-2025-52662

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools...

CVE-2025-52662

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools...