Malicious code in cinta-69 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5dbb846799b5179c558dfbcc9188aefcfc4181fd55d7780caf8903601d53d68 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rino-poke88 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c252c09b1b7184b871c5d1e10921422c31764ccc36436f88172454b3679c32f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-169598 Malicious code in uarg-mitauifahai-sufeua (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09b5f6036d4ed025d8d79e585a633823cf8e1b89b7d47667bcdef6110538bfef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-154612 Malicious code in dian-poke76 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 528c488b13591ca71ec96a76fcee462fa09feb4f3e05acef3289e68c2c12f950 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-9223

Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature...

EUVD-2025-124960

In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expectedattachtype for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpfprogtestrunxdp function within the Linux kernel's BPF subsystem. This...

CVE-2025-40123

In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expectedattachtype for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpfprogtestrunxdp function within the Linux kernel's BPF subsystem. This...

CVE-2025-40169 bpf: Reject negative offsets for ALU ops

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject negative offsets for ALU ops When verifying BPF programs, the checkaluop function validates instructions with ALU operations. The 'offset' field in these instructions is a signed 16-bit integer. The existing check...

CVE-2025-40123 bpf: Enforce expected_attach_type for tailcall compatibility

In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expectedattachtype for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpfprogtestrunxdp function within the Linux kernel's BPF subsystem. This...

CVE-2025-40123

CVE-2025-40123 affects the Linux kernel BPF tailcalls in the BPF subsystem. A fuzzer found an uninitialized pointer in bpf_prog_test_run_xdp() leading to a NULL pointer dereference when a BPF program accesses txq in an xdp_buff, depending on the program’s expected_attach_type. The root cause is m...

Malicious code in link-csrf-cressida-achernar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a03b5bb903e9590aaaa21b6b9e954bb7d9b7ff7cd16f69072646e6f56f766945 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in antd-solis-rehype-levels (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc6c2e86ed9bc0b6fa4dd7b9bbd2972e683c9e48b1caddf8cf4c85d9304f02d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vulcan-browserify-non-blocking-relay (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44f75a901684e76d93228851b85ee37e80b481a39a673e1769eefa38f79d23ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in perseus-semantic-ui-publish-local (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b71fb1de6b922a4162887d97be7ff4e0e59a478a124163c67f61a729dd21dade This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dagda-jabbah-xenos-dactyl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4678aea84d3e17daf26a71a1227863e69cfc430bb5d394a840da880b8ae787a6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141275 Malicious code in cross-env-umbriel-pyxis-nashira (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c7db902ee42dec10db64f6cd600074b6ceff82d76ba90373dce81b04e3ba617 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in prettier-plugin-markdown-mira-rollup-plugin-slides (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c59df9e16b1d88777561b0576f22280225530cc5984f4353928fdfe3d86100d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cassini-hexo-buffer-altair (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 060271c2db1d4a1038098a84e59d8e87c5b7e3fbbbc7aed1148d0a49196c04c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144139 Malicious code in kaus-cluster-superagent-slidev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e520fa894f85dcf5047f8f11da6df83734d4f0e4807024182938c2148739a349 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139786 Malicious code in avior-solis-grus-run-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e1bdfdc7bb97c3e6f4552241ddd6ae1a7be05ef2b820b1547391c9765a70c08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...