367 matches found
Malicious code in blitz-nodejs-postcss-umbra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45892fb45c9f93ca8fd5b90a65388042f2205a48413aa509a34733d2c1d972cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in standard-aquarius-css-loader-webdriver-mocha (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec05f0a48a6171709e472121b4da1b9b84e2fb0444facebb8acd27d908e38b1b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-139954 Malicious code in bellatrix-protractor-fomalhaut-css-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f4aa076d16605f852f34a40ab150b55bcd62c3c8df33c8f1fa61916e50f8113 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142436 Malicious code in fetch-celeste-link-quantum (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecd7a1846ff262e5c7b508f4b84abf81c837205c5ccd7d9dc7f3b32ee0d35ea0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142515 Malicious code in firebase-server-miranda-jupiter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beb4a7fb178cd7eadc112d909aa87f187fb04dd8148d9afd9a0ff5227a5d61e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-126564 Malicious code in fitri-gulai24-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11f4158c6be66fe91dc41a974e941ee78ea87955acb0d90e7e33eb2586ac4f89 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-116258 Malicious code in oktafian-getas91-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e03984e55331ff69b3362fc64ecd66671c4eaa6db194722ba935941e9c91ace This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-103099 Malicious code in genuine_herring-notthedevs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18d29369f456300a389ed83a5095cf4080e0949835123621b77fced63f079cce This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in indah-jus94-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector faa5a069f51b4b31e0dead11e38de0753c2bfb9e4644af40653edc95b952f6df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tiara-gaplek54-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5030c856d5dd632f32549bf04836aca20e24da73b598b3d987d2aa921add2edc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hurt-aquamarine-cephalopod (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d639ab780f7d703fa2d1acae8ca34701ced21d79f8997e8f70239b771c3863c2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in okta-naget14-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc5842bd4c0b94889e4d9d5828769e49a13b6f4fb13ae1a4738b0e1458378a58 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rifqi-lapis6-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd6550c6acadd642ca3e6aeb276c5438a4fe223fe333d934dce55bf645951b54 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Rollbar.js 安全漏洞
Rollbar.js is a bug tracking and logging library from Rollbar open source. A security vulnerability exists in Rollbar.js versions prior to 2.26.5 and versions prior to 3.0.0-alpha1 through 3.0.0-beta5, which stems from a prototype contamination in the merge function that could lead to malicious...
WordPress plugin WP Go Maps 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
SvelteKit 安全漏洞
SvelteKit is a set of Svelte open source web development framework. A security vulnerability exists in SvelteKit 2.27.3 and earlier versions, which stems from prototype contamination in the parseFormData function in formData.js, which could lead to a denial of service, type obfuscation, and...
PromptLocate: Localizing Prompt Injection Attacks
Prompt injection attacks deceive a large language model into completing an attacker-specified task instead of its intended task by contaminating its input data with an injected prompt, which consists of injected instructions and data. Localizing the injected prompt within contaminated data is...
EUVD-2020-11155
Malware in sbrugna...
EUVD-2012-2943
Malware in sbrugna...
Flag Forge 访问控制错误漏洞
Flag Forge is an easy-to-use CTF platform open-sourced by FlagForge. An access control error vulnerability exists in Flag Forge versions 2.0.0 through prior to 2.3.2, which stems from a lack of authentication and authorization checks in the /api/admin/badge-templates and...