221 matches found
CVE-2026-39942
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/id endpoint accepts a user-controlled filename_disk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite that file's content...
CVE-2026-3306
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value...
CVE-2026-0727
The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'wpaassaveattachmentdata' and...
Malicious code in boson-fornax-redshift-andromeda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8ad460d17d98be79c67058b757e71e3ae60d0c46be553cbdfd8319bfbfa14ce This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186815 Malicious code in eris-framework-lacerta-biomimicry (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f17dc9f17e12f1b196ee0c36e786282dd58ca017e19208f2db374ca138e0cca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-183598 Malicious code in lomi-ifus-ugofalia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e49f85980110fcabf1d130f5057ea19c66934c1cbcf05a3dc59c95fd1ec28d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in flights-lutuig-adifailo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 808a0e43959ee35c1b467f49e1d71dd847bcca8ec40ba97188eda9409353bc39 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in poliaoz-aiksdfo-alfdaa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de58f62a6eecc34564426889e1a35cf5777f080fc0bf596070fd48823eebc345 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-181993 Malicious code in flights-lutg-oidabilo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27041d654cedef123189d199b7f617041c7c94f9ee3c61a8db57bd7df566f39d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-183189 Malicious code in kidt-avog-uvuffacfaafv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d90c6ea362cd68d669b4a89f0f4ff7527b812dbda4ce1f5357adf9d2216465d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-181668 Malicious code in astam-ift-digokiuaiasnla (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0a6d69144d7114952ef7c1454e7a122397b80f1ca4e093a13f81d6d383009f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in roti20 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9dab0e4c176ce580b76fb0d45d46fb2799e45fcdf0c2b5d0374c9ced5793eac0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teate-thy-sonic-otle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2522f9b93f25a0681daa23a196b8f1ee5522c141008ef08ecc72fd3dbe166691 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-180715 Malicious code in teate-thy-sonic-muglo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f71095579b5a8d72a9f75828ee4374ae392c475c75e1bd98e6b64131bafd7e7c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-180997 Malicious code in teate-thy-sonic-ucel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 763bb0141218fc2f17fe9ceaf08107af77914e86a34e84d167daf02c4aa3eab1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in goodafiun-ta-fgif (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf273e127b659f3f9968d836c85d2e8a25dd5fc9d69f15f1f75a9fe3600d3f78 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-177083 Malicious code in nuyar-adar-bya (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4116d7d3bcd455ec1ca41fe512e20e6ae0593bdc74b3aa2069f3580d170fda9e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-176745 Malicious code in nuilva-dadre-agajagha (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dced2f5edd7e752b413d321399d36bfe17637b926d56eb91f9b9f6923c809e30 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in manusidda-manuidais-manaudida (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b08631410ac471228a2e6ab335bf9d01705727e3f522979648c85edc6a1dc16d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-178263 Malicious code in rintono-poke109 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdc58b7269b26ad36c67fd95356ce4a1c97a8a0d99e0d4c7c8960b70d82bfa5b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...