49 matches found
PT-2026-32671
CWE-22 Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the POST /REST/upssleep request payload...
Malicious code in xenobiology-hermes-selenology-umbriel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 520f8b0d6c97bb10f487a3d93d392a620438141a0256a422bdefb4ae61f5b959 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in anidta-hauli-mudisli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba2b3327ec00ffa5e14ba23007c0944039502098dd18fe0bbb60ae23b91474b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in miftah-mipta13 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b020985c9065879070afba41cbbe014f30aeabb022522a51fabdfa050534c2e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in polymer-aavof-afdao (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ea841ddd6d18958cec52292125e257df69e8c311d84a17d7e5a01d1293ca36b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sahufar-satiaf-favurafan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 332f5337f87c92e5dd9db0a1a2731229c9958616050803ffeb7e8cea68c479f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ameennaseem (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4ba95cae898b4d69876e95a3748bd2691fc30dd229832734dcec6c630ee3558 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in namase-mewel-baukmwmek (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3265ab7e74f3a8e50eb2c8e761ae120da08e278bc2b0704d0e3c92962056727c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in munir-butya-bsesr (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d50de89880494382de69ac9b97089e100a3614fb991f3dab3781adf919f6689 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in trevora-jjiisa-cir7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b61e509e4dd496b1059bd5e77294633fde76c7f0d2b94905acf4deb0a81b63a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-161830 Malicious code in namasae-namua-mapotaip (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 851f342bea8d866bcefc1cb77fe440abece2251a33bf5a83781b98c199bc8f45 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-153115 Malicious code in avminah-fagias-ifiafagg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 194f196eb14ed05986bd43f343632fb1b3c0effe00d17cb4c5c555d88a921864 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in syahlan-poke20 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 079aaa60d9b61e7c1585d6cd8ca325a6bb104e39a43cc8187fa44fd1b3ce6679 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in iomodra-forufuai-jali (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7b4b85c50a53db49300d8ccc261eee877fdae77d7ee4dbb963dfa84907647ff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sunderan-udk-vaali (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d7da6c9f046c5144f70a5d2f26fc5f6e24c7d130883f3f1257ebb8ed6c3eae5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-168547 Malicious code in tealove-nokire2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5c5a4ba6c31804c833b05669def65318535a8fd6c8da09296957d91fcb0d0e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-151305 Malicious code in abibua-mobn-atauma (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ef3abac34e8de0df268314c03e3c1ab473a62daba40ce718fe2d982d87f73e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-157935 Malicious code in lala-poke13 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c1184df2a6a63a3fcc0f5976f70bd9176d6680dbfda15471b6ff5be8bdbed52 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ophiuchus-pegasus-process-achernar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f530cf05d6f45016a32bf21db037723f65c80554e40a435593ae11fcb19241c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-139016 Malicious code in smoggy-lime-trout (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53897c4ff35fa4579e29ca086d5717918f25b29a030ccfab161c605dd9822911 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...