Malicious code in lisa-lutis61-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95b600783572e01988b4abea4f463d98ff6043daf4526ce69320070e86b2d4e6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in patria-nasisayur10-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24fd4f1fd2472b944dd896f6aee66789600a3949b745bc25dd9498ab0b3a1ea1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rina-mieayam9-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbb5a2b47c3001b6dcb5cf5c7e8665669e6885eeb3fec2eb9d9e79237460cff7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in severe_wolverine_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4773c001d51290d00f24ce76230c69045df7bc55614acaf93118009c23c86c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tomi-wajit80-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de8da48d6ae4ccd941c6a95bda54c722448cf5a4afac6f7e6b762f76fde5cf1e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-114356 Malicious code in glamorous_fly_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a4b5ede7f4c149db6b00d0a68d3a81d7f6430953a810e1d17d07739312c50c4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-116123 Malicious code in objective_muskox_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac727489d35b84465b72bb5d9cdbb98f1f1a61d28e93941346627a1f52796a87 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-113033 Malicious code in cici-lupis97-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d24a318d6777aab6920f7249d9588ebf4a78b80131b31eb8ac120e55e05327b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-117558 Malicious code in tuti-mieayam91-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 813f0f132b1d2f8d85eb6502d3ed01f1168e5d38a0951abadd3c0b9216baa512 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-112967 Malicious code in candra-lapis90-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ccc71e24d55fca4fb0825df0c5602211eaf00f261457556a30d64114350bae0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-116472 Malicious code in protective_dinosaur_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4573148e90fcf944656c0647b9bdc00624205f190027d3bd1dafcbfcc50e91c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-9223

ZOHO ManageEngine Applications Manager, affected through CVE-2025-9223, versions 178100 and below, is vulnerable to an authenticated command injection due to misconfiguration in the Execute Program/execute program action feature. The vulnerability allows total command execution with HIGH impact (...

CVE-2025-9223 Command Injection

Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature...

kernel: bpf: put bpf_link's program when link is safe to be deallocated

No description is available for this CVE...

kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF via mismatching bpfprog/attachment RCU flavors Uprobes always use bpfprogrunarrayuprobe under tasks-trace-RCU protection. But it is possible to attach a non-sleepable BPF program to a uprobe, and non-sleepable BPF...

kernel: bonding: check xdp prog when set bond mode

In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning1: ip netns add ns1 ip netns exec ns1 ip link add bond0 type bond mode balance-rr ip netns exec ns1 ip link set dev bond0 xdp obj afxdpkern.o se...

kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF via mismatching bpfprog/attachment RCU flavors Uprobes always use bpfprogrunarrayuprobe under tasks-trace-RCU protection. But it is possible to attach a non-sleepable BPF program to a uprobe, and non-sleepable BPF...

Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability

Improper access control in Customer Experience Improvement Program CEIP allows an authorized attacker to elevate privileges locally...

Malicious code in dutch_meerkat_amber-65 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90488e88f739b4039254d196e32e421d886cab3a6ba3653257880cf78da5416f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-104546 Malicious code in jewwei-devapptea (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bccb063251a7cdb4fb328e08eb10b73d83b8b5ea15e55420766578a85cc2c77c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...