2164 matches found
Calibre-Web Security Vulnerability
Calibre-Web is a web application by individual developer Jan B for browsing, reading and downloading eBooks from the Calibre database. A security vulnerability exists in Calibre-Web version v0.6.25, which stems from malicious JavaScript not being filtered in the username field during user creatio...
xCally Omnichannel Cross-Site Scripting Vulnerability
xCally Omnichannel is an integrated communication platform from the Italian company xCally. A cross-site scripting vulnerability exists in xCally Omnichannel version v3.30.1, which stems from reflective cross-site scripting and could lead to an attacker executing malicious JavaScript code...
MAL-2025-176459 Malicious code in nokire-nakaoci5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 426157b02f97f1d5957632904c226e5fe63f26142f598d4ed5a9774b439b429f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in affffffri-zidan-tea (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9d14193e8a77540c4c9d680e3738718b18a4c5f1de8ff0a3fb2c4c1f74e0c95 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-169499 Malicious code in uaragifa-afaoti-urufuayo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2eb94caa02d906f44003c219f716a9a826bcdd4d59e71b4da5f5a540622f744 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-166101 Malicious code in slamet-poke8 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7497b7b4731adf26ab8d4297fdf4727fa5e9b73808ea3319fb904d609f9069 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in angin-poke16 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e803dae050f6543c61d95578329eb90f5cac60d91eef7f266cda58cd5d75e4f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in yuda-22 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e26aabb3e3087ae5a34ef6ffd05e4026dc57877acb000abc94f3f966cc077da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in manusia-taval-maoi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e3bfd160d979715643f628611af86c89d98544be09f726cb59e9cdf33a6b1c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-163446 Malicious code in nokire-sekiya56 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6636885b62af8607b7af8cbcaab82f74fa16ad66da52b4abffc764143d6e70a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-150477 Malicious code in @miptaa02/adahfe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 874e315be2cb8bb04dcb743e2890cc3c8a10df79795ab5a1e2907dc8afaea4af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-154186 Malicious code in dajouka-sdfaa-sd3a (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0a552e53938ad63a678351df56846b27fc4e8795edf89a7c9d2d968c93c3440 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-119988
The a+HRD and a+HCM developed by aEnrich have a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...
CVE-2025-12872
The CVE-2025-12872 entry describes a Stored Cross-Site Scripting vulnerability in aEnrich’s a+HRD and a+HCM (Red Hat/other linked advisories confirm these products). The vulnerability arises from stored XSS where an authenticated remote attacker can upload files containing malicious JavaScript cod...
CVE-2025-12872 aEnrich|eHRD - Stored Cross-Site Scripting
The a+HRD and a+HCM developed by aEnrich have a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...
Malicious code in vuetify-postcss-loader-mongodb-less (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1901883a12e5906a3aa40a43f8816c93e38fefb894c40b8271a376d5bb6d12d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-143876 Malicious code in javascript-await-upgrade-venus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14592802e63f3973ef3ffea2ec15e4d1dd4b08a23406db7faf7b24ee39c3e473 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in parcel-scorpius-mdx-umbriel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bc7a21c4963dc60ce68de9cc69056a821e1b943c03d0a1cda2e6c27e06d667d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142969 Malicious code in google-sagitta-nodejs-nightwatch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 338abc925116d84e0ecc7c1b0f9dda422e67c5ad6a11245fb5ce6333b89b3a63 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...