EUVD-2025-67793
Malicious code in persistentorcaz3n npm...
Malicious code in persistent-white-jay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9443d1136148155802d5fcdad0fac7678a03c4cca7c360900cd41737b7416bb7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in persistent-copper-wombat (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a35835de5af4134ea4c67d8d02888cd8da6b7c4356444e28b497c1a698a554c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-52779
Malicious code in persistent-beige-stingray npm...
EUVD-2025-52778
Malicious code in persistent-copper-eel npm...
EUVD-2025-52777
Malicious code in persistent-copper-wombat npm...
EUVD-2025-52776
Malicious code in persistent-orange-finch npm...
EUVD-2025-52774
Malicious code in persistent-white-jay npm...
EUVD-2025-52775
Malicious code in persistent-tan-herring npm...
MAL-2025-69871 Malicious code in persistent-copper-eel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d89f89bc38576e1ef521540c2bcb734bc0e92457c2ae0e485624e5b2d7a1a41 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-69875 Malicious code in persistent-white-jay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9443d1136148155802d5fcdad0fac7678a03c4cca7c360900cd41737b7416bb7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
SUSE CVE-2025-64433
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...
EUVD-2025-49644
Malicious code in persistentratz3n npm...
MAL-2025-55022 Malicious code in chai-as-sorted (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b0a3502254657767ec819133929d33c2b84f1d9607acc89e9557de2b80e9bed The package chai-as-sorted was found to contain malicious code. Source: ghsa-malware 0a769064bb46785af26b5ee4af98633de26f88bcad7b199c113bdf52940e195a...
Persistent Temp-File incomplete cleanup / resource exhaustion in `transformers` Serve
Description The transformers OpenAI-compatible server leaks every base64 image it decodes to disk. Because the temporary files are never cleaned up, an attacker can exhaust disk space by repeatedly calling /v1/chat/completions with base64 imageurl entries. Vulnerable Code In...
AZL-69799 CVE-2025-64433 affecting package kubevirt for versions less than 1.5.3-2
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...
CVE-2025-64433 KubeVirt Arbitrary Container File Read
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...
CVE-2025-63420
CrushFTP11 before 11.3.757 is vulnerable to stored HTML injection in the CrushFTP Admin Panel Reports / "Who Created Folder", enabling persistent HTML execution in admin sessions...