3766 matches found
EUVD-2025-178404
Malicious code in init-parcel-run-script-hugo npm...
EUVD-2025-180513
Malicious code in acamar-prettier-stylelint-run-script-hapi npm...
EUVD-2025-176899
Malicious code in pulsar-run-script-process-io npm...
EUVD-2025-179822
Malicious code in centaurus-browserify-run-script-interferometry npm...
Malicious code in redshift-run-script-chai-koa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5286f36483bbe7228cd4a81c89c18519248a77be151e2d05f127fcabe320b31 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176760
Malicious code in redshift-run-script-chai-koa npm...
EUVD-2025-180341
Malicious code in arcturus-nuxtjs-cordelia-run-script npm...
EUVD-2025-176863
Malicious code in quantumfoam-run-script-troposphere-halley npm...
EUVD-2025-175734
Malicious code in version-aquarius-run-script-nova npm...
MAL-2025-185549 Malicious code in arcturus-run-script-hydrogeology-gatsby (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85308b7f547a69be0ec866ce936c922952149183b16feab778b8f5b68c64d58d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Generex UPS Adapter CS141 Authenticated Remote Code Execution (CVE-2022-42457)
Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches runupdate in /usr/bin/gxserve-update.sh e.g., command execution can occur via a reverse shell installed by install.sh. This plugin only works with Tenable.ot. Please visit...
UBUNTU-CVE-2025-40116
In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthreadrun function returns error pointers so the max3421hcd-spithread pointer can be either error pointers or NULL. Check for both before dereferencing i...
CVE-2025-40123 bpf: Enforce expected_attach_type for tailcall compatibility
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expectedattachtype for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpfprogtestrunxdp function within the Linux kernel's BPF subsystem. This...
EUVD-2025-113126
Malicious code in got-run-script-proxima-await npm...
EUVD-2025-112914
Malicious code in hapi-run-script-draco-hermes npm...
EUVD-2025-121687
Malicious code in sqlite-run-script-transform-cordelia npm...
EUVD-2025-122381
Malicious code in run-script-charon-rigel-koa npm...
EUVD-2025-111772
Malicious code in less-non-blocking-run-script-xanthus npm...
EUVD-2025-122374
Malicious code in run-script-mysql-antd-csv npm...
Malicious code in got-run-script-proxima-await (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfa04a34a8e56c5c772f14564f419592876e974653aa8279f0dfc3c83c0256b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...