383 matches found
MAL-2025-61544 Malicious code in uptight_flamingo_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad1d2551e4587ad89c82dd373ed9774fe19d2c46335d986b4b6656a74edc8ed4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-60071 Malicious code in causal_leech_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7004327ce5ad26e79d044efb29e71900466cfc1f3c45da70a3c592f295903de9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-59799 Malicious code in zaki-kentang48-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3461d591257f385816e55827d2d96fbe5d91573342ba9cdd874dd409d19639e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-59028 Malicious code in tuti-rojak36-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 656d81c24ec126252ae7e61b01e0b5a327ef050ae5d7416dd7b12a5d52ca7ba4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mulyono-bubur72-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5f2a2a831f719ca04aefb28369775e4e98fc979b625bfc05f3de3944c406656 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jaja-rujaksoto49-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68cf9f904d0e21f1a7d5c17a6405a2447d74541cd5ad587b89f7c14bb9fc2b21 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-59505 Malicious code in wibowo-mangut2-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c831a6e6739bd0e9f08f1a39c9103047cff8124ec9ae73a3778c35806b7701da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-58997 Malicious code in tremendous_cattle_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1be04469ce7cc28ec2cfffb29632daa4180da4529fff858b85d83d79e15a93a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in aggressive_chipmunk_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a9c784b80d659e2119b74584ea7a724f461dfef7f0ea5ef19851ee19a0ea9da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-59549 Malicious code in xaver-asinan10-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 314ef411a25ab5993284cdacbf95f7ebc6330c9bbf6650ab9ab395b4326d1d2d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vida-brongkos79-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58efd1508753060aeb6fb4093ee50a97292d75575a2f482a249fbfb68b1933b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-55413 Malicious code in bored_cicada_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6163fc9d51c1b0382866c1975ae1c94ba41cf581735f852546b099435ba86ad7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in indah-tomat53-devapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c79257de326a35afd4b195293268aeafc17bb00a455e07b4cf005e077264387 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-53355 Malicious code in maya-mangut87-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87c4d0063b96190cbdaa9c16784057e0e11515805e9c8984e1b1b48f7cff0c3f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields
Summary field.isFilterable access control can be bypassed in update and delete mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a where clause with multiple...
Design/Logic Flaw
Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation...
NView SQL注入漏洞
NView is a php class for natural view management. NView suffers from a SQL injection vulnerability that stems from a problem with the function mutate in the file src/Session.php, where manipulation of the parameter session can lead to sql injection...
PT-2023-10615 · Unknown · Red Snapper Nview
Name of the Vulnerable Software and Affected Versions: Red Snapper NView affected versions not specified Description: A critical vulnerability has been found in Red Snapper NView. This issue affects the mutate function of the file src/Session.php. The manipulation of the session argument leads to...
Prototype Pollution
mixme is vulnerable to prototype pollution. The function mutate and merge allows an attacker to get control of value of “path” and modify attributes such as proto, constructor and prototype...
Use of Potentially Dangerous Function in mixme
Impact In Node.js mixme v0.5.0, an attacker can add or alter properties of an object via 'proto' through the mutate and merge functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denia...