64676 matches found
EUVD-2026-37856
Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.editfolder.php, the folder update action 'a=update' updates folder metadata title, description, public/gallery flags without calling cotcheckxg ...
Malicious code in tool-tailwindcss-cosmology-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 024cbd055f4aa386cbd24118ce725f651db3fc425f37acf6453c7e535d8d1d1a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in astrometry-postcss-loader-mineralogy-uninstall (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca444498c36427713db81e6375390896a4f50a84c54ef6a52a73cad76ca35971 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fork-crust-filament-kardashevscale (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eacd2de681ec1c3e693bda71b1a50f3636b7bfc63e53f158913c115b5c5e658e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in procyon-json-dynamo-neutrino (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be2e07823e5cce346b257d22926e479c2d0a207460567f6726c84336674fe59f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fusion-publish-query-auth0 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d512720b57f461578a656406e73eed2aa998862e62e2635a60b469de603a5928 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in got-lynx-greatfilter-betelgeuse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfb1e5ae3602ba1d907e123d07c8bb75e62724ff1d8078775eb901682291c03f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tachyon-asthenosphere-less-loader-dagda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f21c3181d7e1225e94cf6ec96aac89e6b7e7832996548331008eb289be9aa746 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in singularity-kuiperbelt-loopback-fermiparadox (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f1afa76f7fe37851e702aa99f703e08b3365b03f94bca78843a30a75678da27 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in polaris-juno-taphonomy-membrane (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57aadb0c6fc2fa048e9640b5186c58a3bf3c7e138f166b104d24916c8d7d6286 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in execute-java-short-cluster-bundle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0078f37af1918262289019391ff05bf9d93d02c69489efe7d3c4cd18bc998f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in zephyr-mongodb-wavefunction-pm2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb6455e842bfed2e45795b6fa4955bfa999151b2b9d2cf8678f31179f7a042f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in radiometric-vega-element-ui-oortcloud (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1260fed5837dd3c43bd4ecea72add038d82fbcf75ec543f03ca004f630806fc5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in pi-authenticate-cold-encrypt-alert (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66ac2ec191304f45d1b827faa2c4ebc3b52fd5f3ba53ea48a1c5a28dafeae6e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in phoebe-petrology-sirius-fermiparadox (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f897ff38dbb81fa575193bde8868cfa42159ce1bb70838cfe850d7c349b77de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in zeta-cold-notify-fire-easy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77229f2590e999b50f84151be215aed98544f5d472493de435539a1fb1794260 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in release-it-library-start-inquirer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 348aaa3d96cbbca9efb6a3b8e5c7e01f9bfc1413dce9e60070864b028329ab09 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in entanglement-pino-lint-innercore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5bae11fcd1d834d151b4d2a4fabd47aea93d666ed6b8a38c767ddbcfe35e8ab8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cluster-steganography-slides-entanglement (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796ab19af8288ef87fc08c84b75032e9a955512cf76daaf4f031d635f7ec9e99 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in oauth-zenobia-mechatronics-sirius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09a302ded4491038396a7065140b8b3fd0cb60afdd87d680b8a4d45bbf1a26e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...