EUVD-2025-176941

Malicious code in public-bundle-class-iota-thread npm...

EUVD-2025-177463

Malicious code in omicron-module-export-java-bundle npm...

EUVD-2025-178827

Malicious code in function-bundle-log-validate-grid npm...

EUVD-2025-178986

Malicious code in execute-java-short-cluster-bundle npm...

EUVD-2025-179848

Malicious code in cat-void-bash-cache-bundle npm...

MAL-2025-186290 Malicious code in container-bundle-wind-private-resolve (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7db1e29795f86285de0d3050a91ae132752d5fe260eb95e9a4c113a4d16ed7da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in omicron-module-export-java-bundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8baa5da2116892ab1c8ca6241a6768c919d67b33a8bef9202824403296618e6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-178349

Malicious code in iota-bash-bundle-delta-encrypt npm...

Malicious code in xi-minify-bundle-sigma-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0d9afe7d7141055c0838ad1a3d5294b15a110475b4a168a1ba8da29c0f3f468 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176799

Malicious code in rain-interface-java-bundle-wind npm...

EUVD-2025-179762

Malicious code in char-bundle-route-refactor-async npm...

EUVD-2025-178373

Malicious code in interface-iota-tau-optimize-bundle npm...

EUVD-2025-179140

Malicious code in encrypt-bundle-test-deploy-scale npm...

EUVD-2025-178336

Malicious code in iota-simulate-optimize-tree-bundle npm...

EUVD-2025-176236

Malicious code in stack-bundle-public-air-user npm...

Siemens SIMATIC S7-1500 Uncaught Exception (CVE-2024-28835)

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the certtool --verify-chain command. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

MAL-2025-153165 Malicious code in avminah-fagmaas-adfimsia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b03500685d2e34be58fa713d2051dc975d4fbf69bc624f0e77a29d628cc1666 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

curl: Silent TLS Trust Model Hijacking via `CURL_CA_BUNDLE` Environment Variable Leads to MITM

Summary: curl is vulnerable to silent Man-in-the-Middle MITM attacks due to its design, which implicitly trusts the CA certificate path specified in the CURLCABUNDLE environment variable. This mechanism allows the entire TLS trust model chain of trust of curl to be hijacked without any warning or...

CVE-2025-64330

creationtimestamp| type| source ---|---|--- 2025-11-06 14:22:09+00:00| seen| https://vulnerability.circl.lu/bundle/647bd131-5525-47ea-8d98-53d132cabe2e...

CVE-2025-64334

creationtimestamp| type| source ---|---|--- 2025-11-06 14:22:09+00:00| seen| https://vulnerability.circl.lu/bundle/647bd131-5525-47ea-8d98-53d132cabe2e...