Malicious code in cosmiconfig-fermiparadox-parsec-forever (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09f948165719318c18a9effd583b6ae532e7c7164c847038d344101a3d955ded This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in modiov-kihan-avcafivivuaviagfavacd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2901cc6ce48aae45614c3ba331e203f115e27127530f8c1a5e5761a1df88da8c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-157766 Malicious code in kuinsu-luki-nsubi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a1c56d0e4370ed478122aacf5a80e73fa15f4bc8da8c9b055e677ee203b59fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in firebase-google-castor-standard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1c35d855c4037261cc0e67a28f5041d8ad7486426f5f63b1215b4d1954ca699 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in alphard-auth0-webdriverio-meissa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6859770119a4e78a30f5f48c4be3a5d007b88f48d81094e3471b635972c0f46 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dangerous_chimpanzee_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d83a24db1f8e08c873e9476c86865df4c9356d3e4d575b1bd9d8597b2fdd065 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-109294 Malicious code in super_aardwolf-appteadev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68f1282fc8f7e87ec550f799c53c62d00fb4c8d9ea1812f15a1e8600a4f44f57 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in future_pinniped_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9b67d17d2ea55d5682d8299d601266648a6e96dca732ee78d948e9772f24a0d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in high-olive-cow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb765593ddf1c386b753acd5a319e9df1667606e56deaa01b5afc6bca14dbcff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in increased_scallop_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 392090a2791c29369927f18d6992c40e3de836b608df1231e3c0a98517608d29 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

SUSE CVE-2025-7425

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

[SECURITY] Fedora 18 Update: isync-1.0.6-1.fc18

isync is a command line application which synchronizes mailboxes; currently Maildir and IMAP4 mailboxes are supported. New messages, message deletions and flag changes can be propagated both ways. isync is suitable for use in IMAP-disconnected mode...

Fedora 14 : krb5-1.8.2-6.fc14 (2010-15803)

This update incorporates the upstream patch to fix an uninitialized pointer crash in the KDC's authorization data handling routines CVE-2010-1322. It also pulls up a few backports and compilation flag changes from F15. Note that Tenable Network Security has extracted the preceding description blo...

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: Any user can change any flag on any bug, even if they don't have access to that bug, or even if they can't normally make bug changes. This also allows them to expose the summary of a bug. Bugs are inserted into the database before they are marked as private, ...