Malicious code in bella-ubi90-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25c59f6189d5a371e50daf448c75f08c5c085f9727a6910c60f2b21790f4693b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-113033 Malicious code in cici-lupis97-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d24a318d6777aab6920f7249d9588ebf4a78b80131b31eb8ac120e55e05327b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in familiar_bison_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c41b98204f1e842b8593a670479b85a9f1068bdf2854197be8407de563bd45a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-9223 Command Injection

Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature...

CVE-2025-9223

ZOHO ManageEngine Applications Manager, affected through CVE-2025-9223, versions 178100 and below, is vulnerable to an authenticated command injection due to misconfiguration in the Execute Program/execute program action feature. The vulnerability allows total command execution with HIGH impact (...

kernel: bpf: put bpf_link's program when link is safe to be deallocated

No description is available for this CVE...

kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF via mismatching bpfprog/attachment RCU flavors Uprobes always use bpfprogrunarrayuprobe under tasks-trace-RCU protection. But it is possible to attach a non-sleepable BPF program to a uprobe, and non-sleepable BPF...

kernel: bonding: check xdp prog when set bond mode

In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning1: ip netns add ns1 ip netns exec ns1 ip link add bond0 type bond mode balance-rr ip netns exec ns1 ip link set dev bond0 xdp obj afxdpkern.o se...

kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF via mismatching bpfprog/attachment RCU flavors Uprobes always use bpfprogrunarrayuprobe under tasks-trace-RCU protection. But it is possible to attach a non-sleepable BPF program to a uprobe, and non-sleepable BPF...

Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability

Improper access control in Customer Experience Improvement Program CEIP allows an authorized attacker to elevate privileges locally...

Malicious code in dutch_meerkat_amber-65 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90488e88f739b4039254d196e32e421d886cab3a6ba3653257880cf78da5416f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-101502 Malicious code in dfgerc-devapptea (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c650a09be866cbb516e8c5a8249ec18ee0ef2743e1a8c0022ab5a9c155547aa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-107173 Malicious code in powerful_turkey-appteadev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77b4486075440c4a7505c80dcba1f8e6b6aaf107d7dedd382386b15d1f617d5b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-104546 Malicious code in jewwei-devapptea (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bccb063251a7cdb4fb328e08eb10b73d83b8b5ea15e55420766578a85cc2c77c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in digital_minnow-smiletea (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29b1960455c2c904bc4ac82953651e0080f686668ff5b660fb29a3bfa3869369 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in garduup-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8584f5c4ea73be1cb26aecedf5ee168a7dda217898e98c7d69d155385fe98db This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in depressed_newt_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ee7d75c9c761b1154b0d07c1f2c72166992ac64d19d668843842922318ccab0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-101406 Malicious code in devoted_chameleon_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42122ad2a1d8d3451c3f93c1dc61f10cd036e2ecdc4c3ea61cf34e3318cdd8be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in misleading_prawn_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bcce59992cf235631827b756e092c5f589e135b799f6fb049a06c19d9dc32798 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-104131 Malicious code in indah-sambel1-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1d75a9dfd92a48a13525a094f8612330125c9bc520bb5218a2f3644759e3b62 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...