96 matches found
Craft CMS security vulnerability
Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS prior to 4.17.8 and 5.9.14 had security vulnerabilities. These vulnerabilities stemmed from a lack of resource-based authorization verification, which could allow unauthorized access to private asset...
CVE-2026-23992
go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...
MiracleLinux 7 : python3-3.6.8-21.0.5.0.2.el7.AXS7 (AXSA:2025-11111:08)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11111:08 advisory. CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter=tar/filter=data...
Malicious code in supernova-dysonswarm-arcturus-solis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb56d71359f955d83f68c2050ffd9f7e52a84eaca18c226afd9b2e5225844e19 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in apollo-spinner-solis-rigel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d92bc8e061659af9912ea6207249e0e7d6993cab9fd076885c4a2971c386498 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186043 Malicious code in celeste-pm2-xerxes-kuiperbelt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d34b9a91ff88597bef75801c0d6dedc69a7142ed8501fa9bcb1cf6c7cb0ea821 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gocay-guga-vigugudivai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e695dc83b953b654e742eda9e94c955d2b7848987587fcdabe91962f1d635535 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in avarage-olios-noilag (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b0e03258cc3ff220b58f7f9ed8db43fbacbf403979fa6cde1e1138d50ffcb63 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-181689 Malicious code in astam-ifukilsit-dakiula (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cd312f77cf708a116b5d75778fcb51d6bd206d45f04ca79f8a6893f998c128c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-181491 Malicious code in cewe9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf59e5b808b0358ac24f3b067217b9d9c11b610639413d35049141b0ee976e86 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teate-thy-sonic-irkem (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d15113973355cf6ef4585c7bc49c57519ecb58e4d3e85d5280a55ce4a34c480 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rintono-poke94 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 781fc8b91b74eaec10526ea594ad540a8771a1a2df29af73da52b277b632ca98 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in abdulll-putri-tea (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79d45d859145ae92765f6fe76ce2c2f031e16725ce240045be4fcb33dd7d8653 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kupaio-kulaa-jokioimalo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9892681210432c6b1774ba629c23f4dbf124c92b034f5e0c80462a4de0cf5b6b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in amjadashar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67ae9a7b3fbb6ffbfbe88b8662ecfbf14635847e4ddbd6ca94327aeac82d9713 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jacksmith (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b78a94aafd41e0008ddad528dc4e68dc0422745db382649f39313f4b2210f607 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in uinsu-losiat-dilakbi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25201bcf2da638ef9b3d1aa75613a8b197709cf896a277c86449370951f47ba4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jimmy-poke21 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9895b7fb3302d754c54cfb6f7d33b3f6153ff9190bd6a6fb49cbf63d74085862 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in billa-25 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5b438dff97b1b91b56a4cbf23275a91c04109dd130807ba03afa1a62611512d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-153525 Malicious code in avomainah-fragoias-ofatafyfau (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9527ba4bdf034a323ddfb00c51f08bdb5e1494ab82777ff4d152e811775a4f03 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...