8 matches found
CVE-2026-22865
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...
CVE-2026-22865
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...
Malicious code in manurung-poke41 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03631a0547e4cc127b5f4ca9eba0ba30948044ad7ee954580a124958fa52c64b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-66130 Malicious code in weekly_newt_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62734cd7f179833b9bcaeb8246aa165b31e6f97e3ebb099ab2b595c1cd82c8f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-50639 Malicious code in vera-peyek48-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6073fc534b9a7e2b4290fa0d2034adaff35af8c0318c03f6123f1ca7394143c The package vera-peyek48-miaww was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded...
CVE-2024-56322 GoCD vulnerable to XXE injection via abuse of unused XML configuration repository functionality
GoCD is a continuous deliver server. GoCD versions 16.7.0 through 24.4.0 inclusive can allow GoCD admins to abuse a hidden/unused configuration repository pipelines as code feature to allow XML External Entity XXE injection on the GoCD Server which will be executed when GoCD periodically scans...
Malicious code in esqtoolgetnvidia (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx d451db70e96e1d6ce85d078d7967191efc4b78f0fde99b1157b3f34945b20b0e EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in seleniium (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 57e23d7e61ff9ad57b53c8eaf276c5d14a226d7673cf17c6bf438a42d835ae88 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...