
9 matches found

OSSF Malicious Packages
added 2025/11/13 3:23 a.m. | 2 views

Malicious code in pipe-grid-byte-old-array (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 707c043a8df19e2deb325b85449d0ea39297d0bfab853cf484146aafbc444bd4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSV
added 2025/11/12 4:29 a.m. | 1 views

MAL-2025-145147 Malicious code in mongoose-atlas-jsonp-equinox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8bb3df50a1c12820fbf37a28bc595d1401ac0562035b52bd7481da4963b98ab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0
OSV
added 2025/11/12 4:29 a.m. | 0 views

MAL-2025-143338 Malicious code in hexo-child-process-chromedriver-jupiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56017395a22b1feb5980e8e21e1e425f64d73852559bbecd77fbdc7e97b99099 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/11 3:19 p.m. | 1 views

Malicious code in agreeable_constrictor_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c24263b0744240f5e5548af59d738191d708e925d28b2ced3ff600d5c8cb829 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
Prion
added 2023/12/12 3:15 p.m. | 22 views

Design/Logic Flaw

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

7.5 CVSS | 7.2 AI score | 0.15671 EPSS
Exploits: 4 | References: 1 | Affected Software: 1
Positive Technologies
added 2022/08/11 12:0 a.m. | 3 views

PT-2022-9127 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android version 13 Description: In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check. This could lead to local information...

5.5 CVSS | 5.1 AI score | 0.00015 EPSS
Exploits: 0 | References: 4
CNNVD
added 2022/06/17 12:0 a.m. | 1 views

CheckMK Raw Edition Security Vulnerability

tribe29 CheckMK Raw Edition is a comprehensive and flexible IT monitoring system from tribe29, Germany. A security vulnerability exists in CheckMK Raw Edition that stems from a problem with permissions in the /var/lib/dpkg/info/ path. An attacker can exploit the vulnerability to change files or...

7.8 CVSS | 7.4 AI score | 0.00029 EPSS
Exploits: 0 | References: 3
OSV
added 2020/09/02 9:15 p.m. | 9 views

GHSA-PJ97-J597-PPM7 Malicious Package in rqeuest

All versions of rqeuest typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process w...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 1
exploitpack
added 2018/12/27 12:0 a.m. | 30 views

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload Exploit Title: WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload Date: 2018-12-24 Software Link: https://wordpress.org/plugins/baggage-freight/ Exploit Author: Kaimi Website:...

0.7 AI score
Exploits: 0