16 matches found
EUVD-2026-28832
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that stems from not enforcing dmPolicy and allowFrom authorization checks on Discord direct message response notifications, which can be exploited by an attacker to bypass DM...
MAL-2025-188876 Malicious code in prompts-xanthus-blitz-eslint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5254336ae396f90fdca8d9a98e3c45ded6be01d1e812733bf65f8d8a93c58b39 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in aibopuna-mobiple-amaikhora (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba6c70e64e4359c419425e8e9ad6b727f4c690d6209a450466a457f5b77dd59a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-147965 Malicious code in sirius-parcel-electron-builder-rate-limiter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d82865d2c4c118814f34f9e55544cc147c81d7874040ad365913faf99ebac58 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in laila-rojak90-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22f975166f68986708c748e4b8f46d6a332f450bb818077f38e943ed23a31f42 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vera-taiwan38-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c45fb3c3caf6168e01329128a4f107334f4ba9b3d8864044ba8eec4e9fcfceb8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-138481 Malicious code in zaki-moci25-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e39706a508524c65190216211d21684887d215e85d14ff97cee3ce15edd896a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in riana-tongseng56-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 040b4ebb595d1f44ed7844aaac105a5ee4d58a32923428e63587016091f3c774 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in revolutionary_mackerel_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfe6e39317d2daff4f547f58f9164ceead40110165ce25f7eaa303aac9f5128f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eka-lengko35-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c83dcfbbb611043f71db3077c5c9e9c2c045e5be8609143af19af71846f2d348 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vina-taiwan9-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8dcb1966fab78ee96477e26c657bbc241c0616b742d12921b7e2827898d848e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-80094 Malicious code in musical_constrictor_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee5fcb7cddb6f17cff817f9dcea5a6281e356c87c3f8cebed021aad19b8de2a3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-65037 Malicious code in riana-gandul72-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3ae66ca3e01ebe05c9ba11fae59e415551a8822a4b8b3391333f526643942a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-61660 Malicious code in worldwide_roundworm_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b84d9a42f7010d031f3f39dc64eedc85ab887704f3a9450a2427e43d98e22b84 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-50784 Malicious code in agus-wajit34-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4de70fadf457489afc00cddedf0198fcfa5c667b0e469bddd8c10f2dc372bd7 The package agus-wajit34-riris was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded...