124 matches found
CVE-2026-6543
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal netwo...
CVE-2026-34424 Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Access Toolkit
Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via...
CVE-2026-33032 Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover
Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication (AuthRequired middleware), the /mcpmessage endpoi...
Malicious code in apollo-redgiant-kardashevscale-pino (npm)
Source: amazon-inspector 08788ceaa486e98ffd1ab8b7ffb4dece829bf89d4a6f7042306de6eafa7c0ee9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189210 Malicious code in rest-auriga-bellatrix-wezen (npm)
Source: amazon-inspector 2b86da353d85dffaff66eee00db788ffbba664110467cbb9f4b56baabf574c9e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in postgres-asteroid-readable-dione (npm)
Source: amazon-inspector fde9ee609c1893f744ce44f7e17918ae0bb056420c1a91a06cf22239e5736047 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187363 Malicious code in hologram-oscillation-config-nestjs (npm)
Source: amazon-inspector 94fec5f581224d5aae6e79087d88350c41d0a91a59e1bc1e4fef8e66c48b7c35 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in diva-tugafai-imagga (npm)
Source: amazon-inspector 56546bcf43f53d499079f74ffc8162ceec654285e129fa93e28630f43efb1904 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in diva-tugafai-imagiuvaga (npm)
Source: amazon-inspector 08c270a1163d353292c9263d5aebed678f46c86d9c6fa8bcffd54c091b116fb7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-153215 Malicious code in avminah-fagmdas-dieogrga (npm)
Source: amazon-inspector fd96816d19ca54ca25b50c9fe3327a9c2599f5b5b97a3ea10c232cea1c63f022 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-169811 Malicious code in uinsu-lisa-amaa (npm)
Source: amazon-inspector 76dc44ebf2081471816bf2d2c8c3a0d5dd05324556fd39542438c3db84f29da0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-169555 Malicious code in uaragifa-maraneffu-safari (npm)
Source: amazon-inspector 247d231bb9022452e0596e69c7181163ebabc0e70be735c116c37feea5d0856a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tealoveness13 (npm)
Source: amazon-inspector 07c84125394058cab54c1d13f7e2417d64237ae04db091d19989d57f2829ddec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-159836 Malicious code in mansila-tiala-mhlni (npm)
Source: amazon-inspector ff7de7946f174e48d53580a5ddb015fc038cc4bd8866ceaf6039ed6f87ef8f12 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-159173 Malicious code in makan-aiavamoba-iaviufai (npm)
Source: amazon-inspector 8878884c88d4b09cf4309493463054256be9d1545e6d1e5dc0ff4faec4ad6764 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-165496 Malicious code in sabua-muyufafu-dafua (npm)
Source: amazon-inspector 50432a33c0b8bfc779aec96daed141a1329c52774f6e486d208956cad6506c00 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in intan-9 (npm)
Source: amazon-inspector fd0e13a1e7953076645d78566de32b8451fb626e60e5a532481bf914cb7446a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in enif-gatsby-fetch-lacerta (npm)
Source: amazon-inspector 0de2f9b8d363ef3c5fd440250303d6b6fd6a231b41e7b92f2ab5ae9881eaa924 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in equinox-xerxes-convict-ignite (npm)
Source: amazon-inspector cc8a218e391950bb7e213b36959360050fc42140f58484814757055dd9ca5a3a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-148238 Malicious code in sqlite-run-script-transform-cordelia (npm)
Source: amazon-inspector 155890993439b256e12a4554626a807e3653c3636884abfe6e3000631856f1f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...