Malicious code in emulate-catch-file-mu-parse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 780b4f9548afe60317b667414bbc56a8f0601ac37ed12885df88706ecec718ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188014 Malicious code in meteor-bulma-augmentedreality-hexo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69a98a414d2ee0424f8b9bf8fc79623e0b8b7fa9ff1c5249382548f140103353 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-174935 Malicious code in inul-poke20 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 403471f62df2bb68d87de04ae3974ac41f0bea7efc3a160deafc5d73636b6e2f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-161292 Malicious code in nabila-poke89 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b9ab1dbfcc850b6f2e3b8be273f1c284f333c3dda797d4eb729153ede304b2c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hermes-cross-env-quasar-duplex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50b866027887b5ac9b2135f67ab8bb33027c601c32e209811c78c6548170512f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141455 Malicious code in dactyl-superagent-csv-hermes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ac37a2b7d4cf959487b6971f5a52dfd4de82f944d66391f5002aadcedb11b9c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in erwin-keripik98-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c223b9f35e2e59cd3c0cb9b8efa9329f2eb59ff3ec94b05083da0fe309c90da1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-95239 Malicious code in lexical_clownfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f51611202dd3a39b316aa069b5a92abf2e6de81d300221c16ed2c6c465b7b047 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hadi-gorengan38-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad19e00e0cad6f1cb56034e52003339b00d91a5a085c105d4ebb9dbfc2c74c55 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-72969 Malicious code in fitri-gorengan90-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d29654a8dbdfc36f69342f19a05d768f00d9d392f1ba63efda421bc79ea240c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in curly_cobra_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d2761c04a163928a9748465e7f6e77e47180556179a7bef3530eaff63de6ee2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

STCMS V3. 3 SQL injection 0DAY vulnerabilities-vulnerability warning-the black bar safety net

Vulnerability causes: There is no filter$SERVER lead to the user can be faked$SERVERX-FORWARDED-FOR, so the malicious injection statement written to the database. Using the steps of: 1. Enter a comment on the page, the first comment A and capture. 2. In the package add a bar: X-Forwarded-For:...