561 matches found
EUVD-2025-76920
Malicious code in existing_worm-appteadev npm...
MAL-2025-102359 Malicious code in existing_worm-appteadev (npm)
Source: amazon-inspector (3b163463ea5d436addf9c6ca9eb308e767cf6a7b89f7268496ec3326936c53ec). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-81986
Malicious code in existinggalliform0xrequest npm...
EUVD-2025-70548
Malicious code in existingcamelz3n npm...
EUVD-2025-64190
Malicious code in existing-green-salamander npm...
MAL-2025-94367 Malicious code in existing_panther_z3n (npm)
Source: amazon-inspector (0877858e364cd1964aa36a7ffb8a8bd4eb899da9cbde9bec9c5b5a37a4cd02d9). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-54486
Malicious code in existing-purple-quail npm...
MAL-2025-68163 Malicious code in existing-purple-quail (npm)
Source: amazon-inspector (7a6b4be112198f0e21333fcb146b8759831724822f1f94ae72d6fc60283c0d90). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-59786
Malicious code in existinganteaterz3n npm...
EUVD-2025-50249
Malicious code in existing_vicuna_z3n npm...
MAL-2025-60420 Malicious code in existing_vicuna_z3n (npm)
Source: amazon-inspector (d0ddeedcaa02fd1078843449b5927271589c151e8e7a201f83b254cec5314bcc). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
BIT-AIRFLOW-2025-62503 Apache Airflow: Privilege boundary bypass in bulk APIs (create action can upsert existing Pools/Connections/Variables)
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...
EUVD-2025-35689
Keycloak does not invalidate sessions when "Remember Me" is disabled...
CVE-2025-11429 Keycloak-server: too long and not settings compliant session
A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security...
CVE-2025-11750
CVE-2025-11750 affects langgenius/dify-web version 1.6.0. Multiple connected sources confirm an authentication flaw where login/registration error messages distinguish between non-existent vs. existing usernames or emails (e.g., “account not found”), enabling user enumeration. This can facilitate...
EUVD-2002-1090
Malware in sbrugna...
EUVD-2019-3212
Malware in sbrugna...
CVE-2025-58586 User Enumeration by excessive error output
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one...
CVE-2025-58586
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one...