Malicious code in grotesque_kiwi-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53c1d7ebfd2a6454c020242e45fda0cb2d043fcd2c06ed2113c2fb99ccbe1da9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-76712

Malicious code in grotesquekiwi-tool npm...

SUSE CVE-2011-2649

Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to execute arbitrary commands via shell metacharacters in an unspecified FileUtils function call...

SUSE CVE-2011-2652

Cross-site scripting XSS vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted archive file list that is used in an overlay file...

SUSE CVE-2011-4195

kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name...