44 matches found
Malicious code in mev-shield (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9783d5e48d62da6de516b1cf5d36474143528a9c6f33a86892ee558266a4e5ec The package advertises itself as an 'MEV protection layer for Ethereum trading bots' but does the opposite. On npm install, a postinstall script...
CVE-2026-40899 DataEase has an Arbitrary File Read Vulnerability
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysql class uses Lombok's @Data annotation, which auto-generates a public setter for the...
CVE-2026-30624
Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...
PT-2026-33072
Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...
CVE-2026-30624
Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...
CVE-2025-67858
A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to nft. This issue affects Foomuuri: from ? before 0.31...
PT-2026-1886
Name of the Vulnerable Software and Affected Versions Foomuuri versions prior to 0.27-2+deb13u1 Foomuuri versions prior to 0.31 Description An Improper Neutralization of Argument Delimiters issue exists in Foomuuri, potentially leading to integrity loss of the firewall configuration or other...
MAL-2025-184220 Malicious code in modasiv-kuvu-bavoiayabu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e747ad4a0cf232e35f8f0a35548e3fcbebe473e503aa138a7066a10c61ae3eda This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lookingan-namala65 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82d4fd24f766db186fd084cfe9dbd180867c7d37086daa61d32290053ab14a31 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fomalhaut-phoebe-mocha-miranda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f0c65dc66483e97c54b8468b7f9233fd0f70b6e6e03353e421697a43a22ca46 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-121515 Malicious code in lina-ubi28-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6de706251ac92db5a38f8486f26952f643c2d01b83f28646c34f749dd04f19c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-116581 Malicious code in putri-pecel76-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5eb004962d55ff3ae30a34d72a9549fadf99b691d1bffdda9a6d50f2dfc1d95 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in utomo-gandul57-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5421f55e84cf010810f07b448a60a96759b9522736b191854e0f8e0074fd9232 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-72074 Malicious code in bayu-gado-gado33-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0247239b232ad3dee54876fd7fcc723d61be3b7dc3f112ef042424fc2304f35b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in zul-brengkes23-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce223e80cf87b90ab05b64c3f92b03d839e0da0a55b509f5c6b3a0c0c8e3915b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-60945 Malicious code in nosy_parrotfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbd54fa23f771f27c1d4d7c0aacc28762b2ae2e0dbcdf16eda6761bb9e7846fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2017-7341
Malware in sbrugna...
EUVD-2020-6148
Malware in sbrugna...
EUVD-2025-19892
Malicious code in bioql PyPI...
MCP JSON Config Detected (macOS)
Binary data macosxmcpjsonconfigdetected.nbin...