73 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
CVE-2025-63215
The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...
Malicious code in polymer-gibogagaa-agka (npm)
Source: amazon-inspector df813c17c790a515379693b453fffb5e933c8f1b2e6c3bcde717c0bf46fae040 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mutation-rest-mongoose-castor (npm)
Source: amazon-inspector aa0a079ebfbf35826223a4ed7a0397e374dfc04468205ee22c2a20a8b5d25fda This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-146020 Malicious code in pegasus-centauri-dione-sedna (npm)
Source: amazon-inspector b742451b800a6b6c6ee2cb011daacd235a1ffbe76cd4d01bbc2640ba05c37405 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-129256 Malicious code in oktafian-tempe85-riris (npm)
Source: amazon-inspector 70bf5575662d4fc1bafb5f55435ccfd3823340e52c95fe09502b911ae47bcfca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mahesa-getuk5-ruro (npm)
Source: amazon-inspector e561c58bb33a9dd5f0f481614e37f42faf159e3d85958eee6a80b4f654d5e567 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-94670 Malicious code in gentle_bear_z3n (npm)
Source: amazon-inspector da52d70f9de6ded210e5fb260ed6a551d024a0f032ce7725cda1f123e3e38abd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-88320 Malicious code in massive_tiger_z3n (npm)
Source: amazon-inspector 43330a9bc9bb9f58780a5370bc06e548032cfd570e3cebfcc48814e2de8fadd5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-79935 Malicious code in mature_zebra_z3n (npm)
Source: amazon-inspector 1a2fa0d856fdb3ae8d18914df94154506b9206f9d86f554bc185dc03d263c740 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bayu-semur18-breki (npm)
Source: amazon-inspector 7be6324072ade5c9d2031835fa39c433a39cfbca0e050860a32a09971206c299 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-69092 Malicious code in legal-beige-sturgeon (npm)
Source: amazon-inspector 829bb8083bbec221b4db7ad2fa7d9a4cd5c1fa67c4d6d41dfdf610456f0ac045 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-54812 Malicious code in sari-mieaceh100-sluey (npm)
Source: amazon-inspector 454ecef55b6c0bedbe87702e40cd257c0ebfb3c2039219a271023cdba804a3b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
RHEL 8 / 9 : java-17-openjdk (RHSA-2025:18821)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18821 advisory. The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security...
Moderate: java-17-openjdk security update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: JDK: Enhance Path Factories (CVE-2025-53066); JDK: Enhance Certificate Handling (CVE-2025-53057). Bug Fixes: Since the 8.8 release of AlmaLinux and the 9.2 relea...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...