MAL-2025-188092 Malicious code in mock-parse-earth-export-hot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f34794b0828e1a200e5572cca5b219a30310bc6f4495e2634c3ddd92840c50ea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fusion-steganography-tachyon-exobiology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16231dc3a37859ca38718acbee5374328b5cb6a2a4f63bb4577fc051dc2be239 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in kernel-visualize-meta-import-transpile (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9223446c8456063e02bf6a2c8259e55d37e8b0523946e7d529d719fa47b3a4c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in radiant-on-oscillation-indus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17ca9d06180b7ce0f8167aa6796479c6ce559c18461c3ecc78a266ab88af199d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sedna-jest-init-delphinus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25e29146ae9ff359dd96b1cd1b095636278686695d62974a2d5867e6a74edcff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sigma-try-deserialize-slow-omega (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa134277639263f6619b38cf6bbfcabf6eb3a6b0fcf40df08f3f58df3e53a0ff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in webdriverio-rate-limiter-wormhole-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 546a55ebdbc1b18fed5bbad6be8b757cfe2c4fa0d1f046a9d5deff7b296f6332 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188530 Malicious code in paleomagnetism-process-rigel-ariel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 806c222b404c6835419bb2dc3e3292a0bfea544dc0e55b7579ef348d91329803 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186144 Malicious code in child-process-eridanus-cypress-zephyr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2052a0a86d5712791f1bcaf79b700a6a9e92e85eece452bd875120b46a08accc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188026 Malicious code in meteor-jupiter-jupiter-xanthus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46c15bb4dde7cb205f506deb37c235142955b3906d8918fa352ab7add70e6e9f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186128 Malicious code in chariklo-library-public-local (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa536a5e403d931475f9787e1461256bb925caed3c743de48b475db4b9bb1938 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186661 Malicious code in dysonswarm-lacerta-unuk-dynamo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1d4ff271822892355055959d5575c07ac632f3836ddd6d8337d4c9f6915e83b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185863 Malicious code in blueshift-kuiperbelt-asteroid-dendrochronology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6529f5366e3712b3bcecb53700bba7cdc4e0d404e2d5487dc5e3255f0093eef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187607 Malicious code in jest-astro-despina-aurora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 569fa8ef9fdbddd1906550949c47b3b5176f9b5c58439068442b4ef54ed34221 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188921 Malicious code in proxima-thermosphere-weywot-websockets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2244dab451a96c625aa78d793fcb3ba1931ffe5080498587c46c6bbf7f5a3d62 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188166 Malicious code in nanotechnology-ariel-atlas-loopback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 726ac8d50d2a6fb517f785829fa5c9a3f25bd010388eeaa6547b9f90cdc68a42 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

SUSE CVE-2025-40123

In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expectedattachtype for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpfprogtestrunxdp function within the Linux kernel's BPF subsystem. This...

CVE-2025-60701

The CVE-2025-60701 issue affects the D-Link DIR-882 router, specifically firmware DIR882A1_FW102B02. The vulnerability stems from the prog.cgi function sub_433188 and the rc binary’s sub_448FDC, where user-supplied EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, and AccountName are stored ...

Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2017-9048)

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2023-6246)

A heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...