Malicious code in tealove-aruma15 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c1e0a02f2dcf311ff592b1bbdde3c2e8769ad944c33a07dc96c3e663f60b7ad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in madan-poke43 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 095401287eac283af5876663379735f7f55ab204635c0e5dec794aaa0b8188b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lookingan-namala97 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13c4370d6e67d863d5f244f34cadba40b5ebd4186f563e33ffbad73fdf217534 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mutdaufs-marimasa-nutat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4232a11ca7828ee10c2025c7dbe334b5a00b27d8c4a95c71fed8ca76981299e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cinta-69 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5dbb846799b5179c558dfbcc9188aefcfc4181fd55d7780caf8903601d53d68 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-154612 Malicious code in dian-poke76 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 528c488b13591ca71ec96a76fcee462fa09feb4f3e05acef3289e68c2c12f950 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-169598 Malicious code in uarg-mitauifahai-sufeua (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09b5f6036d4ed025d8d79e585a633823cf8e1b89b7d47667bcdef6110538bfef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lintang-tea93 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b61ca3e1c59ce28728de34beb8dbac8972455d95780f068af223f5047e02d56 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rino-poke88 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c252c09b1b7184b871c5d1e10921422c31764ccc36436f88172454b3679c32f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nabuf-otomabin-nojagu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68482d81da8b27b87980c467fc18173de06c50b71b2d41ebf57c689fcc702e63 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-154351 Malicious code in diago-kalop-kalosubsa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ef79f3c5f0f6a3fba0b4b5548a8cf14573d7eb2c35a7aacc7b1f1874b6f0649 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-9223

Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature...

EUVD-2025-124960

In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expectedattachtype for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpfprogtestrunxdp function within the Linux kernel's BPF subsystem. This...

CVE-2025-40123

In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expectedattachtype for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpfprogtestrunxdp function within the Linux kernel's BPF subsystem. This...

CVE-2025-40169 bpf: Reject negative offsets for ALU ops

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject negative offsets for ALU ops When verifying BPF programs, the checkaluop function validates instructions with ALU operations. The 'offset' field in these instructions is a signed 16-bit integer. The existing check...

CVE-2025-40123 bpf: Enforce expected_attach_type for tailcall compatibility

In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expectedattachtype for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpfprogtestrunxdp function within the Linux kernel's BPF subsystem. This...

CVE-2025-40123

CVE-2025-40123 affects the Linux kernel BPF tailcalls in the BPF subsystem. A fuzzer found an uninitialized pointer in bpf_prog_test_run_xdp() leading to a NULL pointer dereference when a BPF program accesses txq in an xdp_buff, depending on the program’s expected_attach_type. The root cause is m...

Malicious code in antd-solis-rehype-levels (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc6c2e86ed9bc0b6fa4dd7b9bbd2972e683c9e48b1caddf8cf4c85d9304f02d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in link-csrf-cressida-achernar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a03b5bb903e9590aaaa21b6b9e954bb7d9b7ff7cd16f69072646e6f56f766945 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vulcan-browserify-non-blocking-relay (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44f75a901684e76d93228851b85ee37e80b481a39a673e1769eefa38f79d23ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...