7425 matches found
PT-2025-47449
An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for...
Google Cloud Looker 安全漏洞
Google Cloud Looker is an online tool from Google USA for converting data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from the schemas parameter being vulnerable to SQL injection attacks, which could lead to...
Google Cloud Looker 安全漏洞
Google Cloud Looker is an online tool from Google USA for transforming data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from the Looker Developer role that can manipulate LookML projects to take advantage of competing...
Mozilla Firefox < 55.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 55.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-18 advisory. - Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson...
AWS VDP: Command Injection on Amazon Q Developer CLI via malicious .amazonq/mcp.json leads to arbitrary code execution
Asset URL: https://github.com/aws/amazon-q-developer-cli/ Summary: Running Q chat from Amazon Q Developer CLI from an attacker-controlled repository/directory that contains a crafted .amazonq/mcp.json enables arbitrary command injection/execution. Amazon Q Developer CLI automatically loads and...
Google Chrome 安全漏洞
Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a DevTools mal-implementation vulnerability that can be exploited by an attacker to cause a sandbox escape...
MAL-2025-186479 Malicious code in darkenergy-google-paleoanthropology-thuban (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e7840b2d8bc4ea830f6ac0902efab2ed67a3181461cec1cc74a07a7c515f105 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tau-fork-hot-web-big (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b1535674fe21c755cbdb872d3615e3794dce7ac1ab4df9d0b4982a0903171a6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in zephyr-ganymede-fomalhaut-hercules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 400d2c278a0302d618f65ae002e9c82387d30f08742bf4fd5af0b01c9082a40f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in phenomic-loopback-rigel-mechatronics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd2c60808f9819379866cda6ffe21efd73b974a445126a3dbefeaf8be4e60424 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cosmology-levels-terser-iota (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 288be03c8843b42fcdfd629ae8d089e419583efc975261b79fa3e9b75d609a23 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187144 Malicious code in gemini-sagitta-cordelia-aether (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab8d2311414e1b1acf4dd1d565d5665bcd08dfdcacfc575f768244f7c9c7ca75 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186182 Malicious code in cluster-norma-solarnebula-outercore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 310edc185150396d4084de6f1966060af47049a0250c939ebd7dfe2899c1f291 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190352 Malicious code in xanadu-singularitarianism-fetch-fermion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ccd63704a8837ed8bae59ef565a17f740167e4fc9a2bbf7f4164bc2321af13b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189408 Malicious code in sedimentology-ablation-meteor-xml (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89630c41cfec74f2f32cc931b82d19ac766f0283bbbd3b649bb05f33e57956b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187535 Malicious code in iota-centaurus-blackhole-cosmicray (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe9edd2d1e8b436561ebe0f717ae927f48886e57234216c51efa7ee60e1199be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in odasv-kiuu-bofauffsni (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bafe2ba65bdffbca4b1c025e2a54ad713667dd618400e18bb0461f202de65a81 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in manu-oyi-ginuosgimsof (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd8bac6de78cc5e2d25bb0e42062e7abfdc5a070726981c0ae5614b38f407ade This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in itale-dci-rrsettt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8191cedda4515003228f4e351e32614bc6cd65adaa9a0080675200964b3dcc90 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184835 Malicious code in poliaoz-aiksgsdfo-alon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10c30f0b6f20cc35b602fbe7872a2b8e6a8cbb405355a482cb3de1546766b54d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...