MAL-2025-141622 Malicious code in development-ini-start-epimetheus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4617475d964864836f5e94abaf991f558e3dedca1e65661637a22c5cb9e884be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148467 Malicious code in taurus-development-sirius-pegasus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7be8b5020ffe59b7b9afc50b4ca06dc749d7ade12a8b455458bca24118978902 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141748 Malicious code in dotenv-safe-development-command-non-blocking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64c16cfd842e8cb52469e8ea8f152f3e7626745060a732985a6a98d9c59f8271 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146370 Malicious code in polaris-spectron-webdriver-development-xo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01b97c61b120b0d11484dbe757f30da970c4faf2ded6606a69162f1d6f7b2213 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141640 Malicious code in development-xo-pegasus-schema (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c96b3a002fd84313582346e0279eb4c4b80b80e4021e090a04a37692156c7d5d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143315 Malicious code in hermes-development-virgo-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b9ebfa206b435c81a56d67d919dc4e28ddfda901b05abe2419b067e8de16f38 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141050 Malicious code in configstore-enif-development-altair (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18867f5616affb9421d74ecd880425debcb7b7e0fc1670211003ddec8dc395d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148648 Malicious code in thuban-development-transform-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9970fc2cf7485e3a83f92015f3ef345dc16d84cdf3b6f96adcc69731705a2da6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-64281

An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials...

CVE-2025-64280

CVE-2025-64280 affects CentralSquare Community Development 19.5.7. The vulnerability is a SQL injection through the permit_no field caused by unfiltered input in the application, with CVSS v3.1 base score 9.8 (CRITICAL). The impact targets confidentiality, integrity, and availability. No exploita...

CentralSquare Community Development 安全漏洞

CentralSquare Community Development is a public affairs department software system for local governments from CentralSquare USA. A security vulnerability exists in CentralSquare Community Development version 19.5.7, which stems from an authentication bypass that could result in unauthorized acces...

CVE-2025-64280

A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permitno field...

CVE-2025-59491

Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields...

CVE-2025-64280

A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permitno field...

PT-2025-46671

Name of the Vulnerable Software and Affected Versions CentralSquare Community Development version 19.5.7 Description A SQL Injection issue exists in CentralSquare Community Development 19.5.7. Attackers can inject SQL code through the permit no field. Recommendations Update to a newer version tha...

PT-2025-46668

Name of the Vulnerable Software and Affected Versions CentralSquare Community Development version 19.5.7 Description A Cross Site Scripting issue exists in CentralSquare Community Development. The issue is present in form fields, potentially allowing for malicious script injection. Recommendation...

CentralSquare Community Development 安全漏洞

CentralSquare Community Development is a public affairs department software system for local governments from CentralSquare USA. A security vulnerability exists in CentralSquare Community Development version 19.5.7 that stems from unfiltered input in the permitno field, which could lead to an SQL...

CentralSquare Community Development 安全漏洞

CentralSquare Community Development is a public affairs department software system for local governments from CentralSquare USA. A security vulnerability exists in CentralSquare Community Development version 19.5.7 that originates from cross-site scripting in form fields...

CVE-2025-59491

Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields...

CVE-2025-64281

CVE-2025-64281 describes an authentication bypass in CentralSquare Community Development version 19.5.7 that allows attackers to access the admin panel without admin credentials. The connected sources confirm the affected product and version, the issue is labeled as a high-impact vulnerability (C...