MAL-2025-144540 Malicious code in loop-yonder-betelgeuse-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1c945f5dae18315f4787680fe0df2b8745a6117d6af0a32e4b1857099ceea2c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139647 Malicious code in atlas-karma-sync-galaxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a3aba52d0957eacf7f9cb58860dcaaebcd83e86487cc6f8cf730279da91a6de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141159 Malicious code in corvus-luna-chromedriver-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abc57845ad897dab7e51dc698f8f4a85f4640e5b4759380e4673f476f8d7a59f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144041 Malicious code in juno-sync-middleware-ini (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5262c9aa5283b0187448f086b75b73d09c9b6329b9468931b0f2d7e353f198f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140667 Malicious code in changelog-cosmos-sync-transform (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 596a89477e8326b81d0f5d1350fde952cd637ffe72226471a186f3f7cd3fe4fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148971 Malicious code in uninstall-sync-apex-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 189409f4dc200c6e26d27168dc6d08f0262204ea0a085b6a5af402e6a94c250d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145060 Malicious code in miranda-sync-despina-auth0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ddac1488fe65453e57b62caf85d562e3e2b5eda8fc296fa78fca7fd5046bbbb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143753 Malicious code in izar-cassini-ursa-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 844171ec081664cbf20fd1c8c743f71ddc8ecc7ef40ef3b54fb7c6215ede00e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145953 Malicious code in parcel-carpo-cypress-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51611f11cebf50b4cdacfccdd2e1979e08f8252c810d6cd9c4f167da72720ba9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143156 Malicious code in halley-mysql-server-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13ff79e54f23575a8eaefcecf238fe02a47095af96770878b4d382e9964a3475 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146373 Malicious code in polaris-sync-procyon-sagitta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1434d4b6bbcde4dcf7e4fa46ea40212da7acbc15f97dd7d0c59b9c7366c8048a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-11458

Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

kernel: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmtremoveadvmonitorsync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in...

WordPress Plugin KiotViet Sync Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin KiotViet Sync, which ste...

RHEL 10 : kernel (RHSA-2025:20095)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20095 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: xen: Xen hypercall page unsa...

PT-2025-46143

Name of the Vulnerable Software and Affected Versions HBS 3 Hybrid Backup Sync versions prior to 26.2.0.938 Description An external control of file name or path issue exists in HBS 3 Hybrid Backup Sync. An attacker with local network access can potentially read or modify files and directories...

PT-2025-46141

Name of the Vulnerable Software and Affected Versions Hyper Data Protector versions prior to 2.2.4.1 Description An SQL injection issue exists in Hyper Data Protector. Successful exploitation could allow remote attackers to execute unauthorized code or commands. Recommendations Update to Hyper Da...

CVE-2025-11458

Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

CVE-2025-11458

Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

CVE-2025-11458

Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...