EUVD-2025-89470

Malicious code in potentialpelicanz3n npm...

Malicious code in potential_pelican_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76c9a3a82e23ecf8dce1d224903c749b87f2902ca4fb8ad0599d2fc4611c45fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in potential_viper_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d78b6b378f868bfb0e5499d2cf425e4e0230b1dc56038f8f1a70f71bc2f51adf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-74353

Malicious code in potentialpuffinsapphire-94 npm...

EUVD-2025-75994

Malicious code in potentialmackerel-appteadev npm...

EUVD-2025-78588

Malicious code in potentialminnowz3n npm...

EUVD-2025-68523

Malicious code in potentialbonoboz3n npm...

EUVD-2025-62601

Malicious code in potentialladybugz3n npm...

EUVD-2025-62602

Malicious code in potentialhummingbirdz3n npm...

EUVD-2025-67770

Malicious code in potentialhaddockz3n npm...

EUVD-2025-67769

Malicious code in potentialseahorsez3n npm...

Malicious code in potential_seahorse_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c042fb003aa3ff316d1d32c6750c376fc65f5b8e942d6512f453b680567f321d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in potential_haddock_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfd4b67072547aec1deae7d6cec88e608af004d208adc4565276c55ba7145aca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-52702

Malicious code in potential-salmon-hoverfly npm...

EUVD-2025-52701

Malicious code in potential-sapphire-salamander npm...

CVE-2025-61945 Missing Authentication for Critical Function in Radiometrics VizAir

Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weathe...

Moodle does not properly enforce MFA

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

TencentOS Server 2: compat-libtiff3 (TSSA-2025:0811)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0811 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CVE-2025-11721

Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144 and Thunderbird 144...

MAL-2025-48242 Malicious code in chai-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 975b6ac20ebe483ebacc5aac930cd8efb123c6f3e9c68d18bf72c0e42c1787ba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...