MAL-2025-150477 Malicious code in @miptaa02/adahfe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 874e315be2cb8bb04dcb743e2890cc3c8a10df79795ab5a1e2907dc8afaea4af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-147517

Malicious code in trevora-cir95 npm...

EUVD-2025-147366

Malicious code in uafagarug-midfafoi-sut npm...

Malicious code in yuda-22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e26aabb3e3087ae5a34ef6ffd05e4026dc57877acb000abc94f3f966cc077da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in manusia-taval-maoi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e3bfd160d979715643f628611af86c89d98544be09f726cb59e9cdf33a6b1c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-154186 Malicious code in dajouka-sdfaa-sd3a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0a552e53938ad63a678351df56846b27fc4e8795edf89a7c9d2d968c93c3440 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-169499 Malicious code in uaragifa-afaoti-urufuayo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2eb94caa02d906f44003c219f716a9a826bcdd4d59e71b4da5f5a540622f744 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-166101 Malicious code in slamet-poke8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7497b7b4731adf26ab8d4297fdf4727fa5e9b73808ea3319fb904d609f9069 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-163446 Malicious code in nokire-sekiya56 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6636885b62af8607b7af8cbcaab82f74fa16ad66da52b4abffc764143d6e70a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-156902 Malicious code in irashi-se-swe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5a75dea3452b14ce5f252a5623b7422d0f398b3e7658dda1cb4bb95a5a772f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-63666

Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...

firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript: WebAssembly component...

firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript: WebAssembly component...

CVE-2025-12872

The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...

CVE-2025-12872 aEnrich｜eHRD - Stored Cross-Site Scripting

The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...

EUVD-2025-119988

The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...

CVE-2025-12872

The CVE-2025-12872 entry describes aStored Cross‑Site Scripting vulnerability in aEnrich’s a+HRD and a+HCM (Red Hat/other linked advisories confirm these products). The vulnerability arises from stored XSS where an authenticated remote attacker can upload files containing malicious JavaScript cod...

CVE-2025-12872 aEnrich｜eHRD - Stored Cross-Site Scripting

The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...

CVE-2025-12869 aEnrich｜eHRD - Stored Cross-Site Scripting

The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load...

CVE-2025-12869 aEnrich｜eHRD - Stored Cross-Site Scripting

The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load...