2164 matches found
MAL-2025-88994 Malicious code in ocha-kue66-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e3ca79f886d9f6284ba9bde91a5b811660156484b8da80238d7f339b2e87103 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-90384 Malicious code in sari-mendoan23-sumpek (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d950a49df44f39172db42a37cbd95cb4e069d6f96f92bd1e411e13a38f518cbe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-84023 Malicious code in cindy-lumpur90-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87072a5423dcd6e2952cdc568fea3e3f92a54bb4b5e68c2730653129b0a38774 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vera-tahu3-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2b7cd63bd7577efae7714c5255bd3b479f8b0fdb61c0c618e0136fcbb93f4db This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-87996 Malicious code in lost_earwig_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 702f35cd38bc1b8a3a80dc265fc07d9949bccce9aa3404337e70b7f39b0ce262 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-89401 Malicious code in patria-klentik57-kyuki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17b50cb0def28812b9fcadb3d6eb7d38a9125d7c4c100854f6f2e9bcee5515c4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in joni-gado-gado89-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bed20d885c8a254a8e421cab3f56aa263a828621571acffcb8ce318b98928a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vida-liwet39-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9da158a7460bf603440cc53df0d56fec1fd787bc2439b7baa35bd52a89e381b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in putri-oblok39-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f0aa6098d641c82040e34b4bdf75e1076c6d53e4e1ccb8ff08e8bccfa2d6a18 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-80847 Malicious code in puzzled_hamster_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 105e2386982424f99d89e9ea91c27ed1b81cbb442b5c0e0231198322d38c80dc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-79741 Malicious code in loose_gazelle_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05f6e2263383273bf7af0002016aa232964ac2f68abe4cc338f4a2523ecacd9a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-73142 Malicious code in gita-keripik17-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d66b05604743b14b2e5d06fd4e15a3bf2a441561e47647c7180325ff138ddaec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in afraid-teal-jackal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6401924ea443c6644a7c949331a70a1037cd4db5434c734b92849a7ce1b3891a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-69485 Malicious code in motionless-coffee-centipede (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a979306220e6542b0c8d69f78472cedcdee4b67e7748a5a3a7af813a4e085dfc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
PT-2025-46338
A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This vulnerability can result in the execution of malicious JavaScript, allowing for account takeover, credential theft, or redirection to a malicious website...
MAL-2025-59135 Malicious code in umi-tek10-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51d8f32eca74de0e2fb5b12d86d5e6f421b51067d01ebc704a1965bfa4a26ab4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in riana-tempe79-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e579f3a7b3e732d89f1a88237eabbf4ddad094a009b8671752264faec0e48595 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-64112
Statmatic is a Laravel and Git powered content management system CMS. Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fix...
CVE-2025-41384 Reflected Cross-Site Scripting (XSS) in SuiteCRM
Cross-Site Scripting XSS vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...
EUVD-2025-36178
Cross-Site Scripting XSS vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...