137 matches found
CVE-2026-8426
Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepareremoteupgrade/. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and force its upgrade method to...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
MAL-2025-187301 Malicious code in heka-bootstrap-javascript-loopback (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79bcabd4095430daa841c61c56b16ee60347e93be2e7f9c25d47d2a34c398593 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187081 Malicious code in gacrux-dorado-impulse-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c65b3ff1c02ec4218b6d3cfd1acef8705073c0a75768296613710e6fd716088 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186447 Malicious code in cypress-enif-robotics-miranda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b49d84ee8d80414f9e2624545178e0888e208b9cbdcff9007d1a5f97bbb230c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189267 Malicious code in rollup-nova-wavefunction-rimraf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a71178046d6bba4cd289f92d4a80c4b5b2938521d5c4be7a784b9de70d0b722 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188429 Malicious code in on-xanthus-panspermia-kastra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dfaa23e99c9f44a5e3062d69e7746b098ef5f4219ef4ec9a2f8688841a1bdb1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189814 Malicious code in tau-data-grid-minify-function (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51fd667a40b0b62ada505565aab53c39d96f06b26be3e9b5ce274831637ecbcc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in library-volcanology-magnetosphere-foundation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 708f64ae257d4aca048c20cf895d70f55011231980d876ebe03f4b405952b3a6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186166 Malicious code in cli-holography-bunyan-telesto (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b99709cf279a1a0f87117719e8b2cd54765f1b9ed84a6db8465fdf46399aa064 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186120 Malicious code in char-bundle-route-refactor-async (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a22631db367f870abe285498e1329436f0e2cdae19a36aab92989abb9d68daa4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mlokok-lfki-hbi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0af35f5c397a7384325edb20d5ea9eb36bccea4e30d6d60df7e56fea1828cdc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-180140 Malicious code in teate-thy-sonic-afiv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebb57b8ca848196f05334cef0dce42703428af5ac3bb21e360eaf6c966619ad9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tearich-new3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 922f8151427cbb1d871e61b996bb51dbc7f06b332cee34c7278f76723c62c2b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lia-2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed90ceadf6cc856cdbeb306b136d40a27412e8c48ed0d0b7dffab3fc70d5aeff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nuyar-id-aiforx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92f5ff84936d40c1c25f2419f4542d6477407d004dfcb0b37e1b22b34ce373c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ateefshaikh (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9375460ec892febffb550010b8ae5ed22c7067e3ae435152cdbd35b77a50bcc7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nokire-kilua9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 274d69b99ae3d96ca40e0c33bd46ec594737853a7150d2045c392679b9d83d46 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-153009 Malicious code in aviah-afaga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 031c2e25c6ec02da64071a7d88603710b1563a0374c5b188aa2d52029baed2db This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-153999 Malicious code in cara-bsunsn-jsaunso (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5f93d4430bc0e5cd4cf7d848aa6c3fe69d26ecf05e71000ddcd3bdb573aee30 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...