1892 matches found

Github Security Blog
added 2026/01/08 8:32 p.m., 7 views

Kirby is missing permission checks in the content changes API

TL;DR This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by disabling the update permission with the intent to prevent modifications to site content. If developers haven't configured any user...

CVSS 5.8, AI score 7, EPSS 0.00189
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2026/01/08 8:32 p.m., 2 views

GHSA-4J78-4XRM-CR2F Kirby is missing permission checks in the content changes API

TL;DR This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by disabling the update permission with the intent to prevent modifications to site content. If developers haven't configured any user...

CVSS 5.8, AI score 6.8, EPSS 0.00189
Exploits: 0, References: 5

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 5 views

Malicious code in bunyan-spectron-webdriver-less-magellan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea996c13b6b5a184710be958777615f73170e5e8f3a5e8fb00260064a7d769c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 6 views

Malicious code in grus-prosthetics-stream-prettier-plugin-markdown (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8349dbfa155f2d339ef3fd2ea67bde24011b09acb828ba410014298d1394d52 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in deimos-redshift-plutology-google (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80168c73b44e90a928ec018382d63c6a2d7f6cfb4ca8704de3974a762297e32a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 7 views

Malicious code in cold-cron-object-chi-export (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45c60002ac5653229eb6215aa13f4ec5c490f97c72faf60b5a0be727c9092c4d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 3 views

Malicious code in octans-sedna-entanglement-xerxes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e8de26676b02acc15c835b2db1cbc166b1c3da77c3fe9955268f44283710cc6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in dysonswarm-public-mutation-sagitta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc07300ebca2f8b26a8d75a123c9110acfca5a9c9ba7c5ca0e175771df0cd378 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 3 views

Malicious code in mysql-joviology-eslint-config-exoplanetology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 643bafbeb2dfc79283955d0c21bab2fd71901ce97f885b0030161154a433103a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 5 views

Malicious code in winston-process-fetch-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f32310e6d14f06422f625862322cf64c1e6a08c795148c10b8a5c50e384c2f17 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in element-ui-fermiparadox-carpo-orogeny (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6743a0059c55715c9eb684a714dfa0ccb855380d2eaaf67d88ce2f24837134be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in futurology-arcturus-saturnology-leda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cee2cbdc2bc3dff01e44b79762d6c94d9ca914096274d79ac432f730d252e8f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 5 views

Malicious code in genomics-upgrade-webpack-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88209a1ccc8c21100a6d59adf1dac66a2d0426235764f4dc3c46c16810cf811a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in leda-epigenetics-redshift-geochronology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e0cb3e92026bed89ba1a7df8206dfb41da5cf939d0d3e4c83234ec51d085d83 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 3 views

Malicious code in mesosphere-innercore-transport-proteomics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80bb5102ce8c8e9dda9b0ada71dbcfecfeda472735d4acc10e395b1193b6af4d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 5 views

Malicious code in meteor-chalk-blueshift-gulp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3261ab78dad9de4315430701c10bbd595ac7f1148a275b466115baea23d4af22 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 2 views

Malicious code in private-centauri-miranda-areology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cb0c2d671266707cddfd0b90b331766a59020115915d2ad62a7b52a0b450305 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in publish-prettier-stylelint-seismology-cors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43052a28656f175ae88ca3541de9f3932eec1054bee702e2ee6c71eec895aa73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 3 views

Malicious code in radiant-express-terser-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13f9521da351568b57666d90d27cd93da483825173809d96571f3dd28e990f35 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 6 views

Malicious code in reject-static-theta-info-try (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a84dc4b74234abfadc82978e01f9a68d8516ac07a94e6666e93a5703d7fd7682 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0