CVE-2026-26077

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints SendGrid, Mailjet, Mandrill, Postmark, SparkPost in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...

CVE-2026-26077 Discourse doesn't ensure webhooks require a token

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints SendGrid, Mailjet, Mandrill, Postmark, SparkPost in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...

EUVD-2025-117047

Malicious code in supreme-coral-mandrill npm...

Malicious code in grateful_mandrill_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f152d1ac269c6ef914a1b40a998eadfdcdd5344647e25c58cfed8a2e84c4117f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-97473

Malicious code in knownmandrillz3n npm...

EUVD-2025-98448

Malicious code in gratefulmandrillz3n npm...

EUVD-2025-98063

Malicious code in improvedmandrillz3n npm...

EUVD-2025-103275

Malicious code in okaymandrillz3n npm...

EUVD-2025-102996

Malicious code in prettymandrillz3n npm...

EUVD-2025-99703

Malicious code in youngestmandrillz3n npm...

Malicious code in known_mandrill_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 295b082271888d9bb504a5eaf4d500aabc4d056cd79d69afc1dae875d183178d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-127339 Malicious code in improved_mandrill_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b78c9de4a9cbbf1ab0e3e5ad14cd81eac274db4e0f6f136e25190bb3a1bd68b0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-122410 Malicious code in oral_mandrill_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5c91b33709a5fbfd14ae7a4106da540b7e9cd3cef263b5d4c13b4eaf50cc413 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-88180

Malicious code in uselessmandrillz3n npm...

EUVD-2025-89183

Malicious code in resultingmandrillz3n npm...

EUVD-2025-89762

Malicious code in objectivemandrillz3n npm...

EUVD-2025-74104

Malicious code in victoriousmandrillviolet-37 npm...

EUVD-2025-74590

Malicious code in handsomemandrillivory-56 npm...

EUVD-2025-75909

Malicious code in purringmandrill-apptea npm...

Malicious code in rare_mandrill-silentdev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8039af2e9b9aec798f34827d43e9d5d65533c7f459f19f9707324904c94c166a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...