AVideo: Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking

Summary The plugin/PlayLists/View/Playlistsschedules/add.json.php endpoint allows any authenticated user with streaming permission to create or modify broadcast schedules targeting any playlist on the platform, regardless of ownership. When the schedule executes, the rebroadcast runs under the...

GHSA-2RM7-J397-3FQG AVideo: Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking

Summary The plugin/PlayLists/View/Playlistsschedules/add.json.php endpoint allows any authenticated user with streaming permission to create or modify broadcast schedules targeting any playlist on the platform, regardless of ownership. When the schedule executes, the rebroadcast runs under the...

PT-2026-28616

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description The plugin/PlayLists/View/Playlists schedules/add.json.php endpoint in AVideo allows authenticated users with streaming permission to create or modify broadcast schedules for any playlist,...

Malicious code in antares-airbnb-cryonics-ionosphere (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f462ff51cb6b5bf930c6332a8c3f2689d11ec2a616d8e008a83cd2b2d4dd667c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in protractor-stream-frontend-dynamo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0484f67f780b12ef69834da07acf3c1fdf3692c3ebaaf2e4cf41fd024ecdeed3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in remark-dorado-coronalmassejection-aldebaran (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c257d759eba4d91017038da2f152a2aa335339afacb98736807437b419377fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186793 Malicious code in epsilon-web-sun-test-easy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fdd652b50760b6e4ee9f23c1e49458af2a6acd3de287e674fe9d08214715bc85 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185670 Malicious code in authenticate-function-scale-cloud-socket (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f528c4889d7cc48c0ecdd516f266fcb56461b67b151309f56a99d332024224d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188514 Malicious code in paleoclimatology-nova-rollup-vortex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02798c4c1a995a4759454c6aea2a564c68e1924207dd426345f7fed7eb2c815f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189643 Malicious code in standard-apollo-tardigrade-perseus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40754cfd5d3acd3d0b0766de8c414360da01d745f7dd08b9ca8e853ae6750b6d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190195 Malicious code in vuepress-update-canopus-zooarchaeology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11c0ba2e936fb4ba21ad01bbf840125a863fbb501192f3e88e43e962473e8fb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187780 Malicious code in library-kronos-start-ceres (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 809337d37e779bd9ce52e2cddd68c7fa1c0fb249e9ba2dc8d1c9655e1e3eea5f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185944 Malicious code in bunyan-carina-adonis-mysql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfd90301f6cfca4ba49757fabc76efdf61ea2544c98f1598ccec6338b083fcda This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in flights-lutuig-adifailo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 808a0e43959ee35c1b467f49e1d71dd847bcca8ec40ba97188eda9409353bc39 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in itale-adci-aknkonyunaymhentgdti (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fceb9adc0ae446889fcaeccdefa3fd2a02a982245908f0419710bd481f4dfa30 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in odasv-knilu-bofavaunun (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d03bf4d2991ca6ad4927724b4c282268d998bc3c680d0bc2277463d3be66a740 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sonic-kag-tgivcb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef9af6dc54f395ebaf0243fb570ca5085ba33aa4b6c04f0af5a1d09ecc59c986 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in itale-adci-yafizgang (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 115513152ddff737f2cc76267e2527a958ddbde19cae689c1e94fc8bbf4e70ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185087 Malicious code in sonic-ks-fudifaja (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b3e5697628c26d9330b18c8bdc395c3a6af70162d4651015bd7e7b6cfdfbb31 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-184765 Malicious code in one-kiat-ibudavrda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 754492b1e111d36a2e4e8437b6e7da80e0c598fee24dd8be639d8331f32e32ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...