Security update for gitea-tea (moderate)

openSUSE Security Update: Security update for gitea-tea Announcement ID: openSUSE-SU-2026:0073-1 Rating: moderate References: Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-58190 SUSE:...

Security update for gitea-tea (moderate)

openSUSE Security Update: Security update for gitea-tea Announcement ID: openSUSE-SU-2026:0074-1 Rating: moderate References: Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-58190 SUSE:...

openSUSE 16 Security Update : gitea-tea (openSUSE-SU-2026:20318-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20318-1 advisory. Changes in gitea-tea: - update to 0.12.0: New Features - Add tea actions commands for managing workflow runs and workflows in 880, 796 - Add tea...

OPENSUSE-SU-2026:20318-1 Security update for gitea-tea

This update for gitea-tea fixes the following issues: Changes in gitea-tea: - update to 0.12.0: New Features - Add tea actions commands for managing workflow runs and workflows in 880, 796 - Add tea api subcommand for arbitrary API calls not covered by existing commands in 879 - Add repository...

0.2-ui (=0.0.1), 0xgank-tea-advice-pull (=1.0.0) +15856 more potentially affected by CVE-2026-27606 via rollup (>=0.10.0 <=2.7.6)

rollup NPM version =0.10.0, =2.7.6 is affected by a known vulnerability. The following packages have a transitive dependency on rollup and may be impacted: - 0.2-ui =0.0.1 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory...

CVE-2020-37012

Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX payload with shell commands that are executed when processed by the application's tex2png API...

CVE-2020-37012 Tea LaTex 1.0 - Remote Code Execution

Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX payload with shell commands that are executed when processed by the application's tex2png API...

CVE-2020-37012 Tea LaTex 1.0 - Remote Code Execution

Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX payload with shell commands that are executed when processed by the application's tex2png API...

CVE-2020-37012

CVE-2020-37012 - Tea LaTex 1.0 Remote Code Execution Affected: Tea LaTex 1.0. The vulnerability is a remote code execution flaw that allows unauthenticated attackers to run arbitrary shell commands by crafting a malicious LaTeX payload and submitting it to the tex2png-based API action exposed at ...

CVE-2025-14317

In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. Server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...

CVE-2025-14317 User Enumeration in Crazy Bubble Tea mobile application

In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. Server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...

CVE-2025-14317 User Enumeration in Crazy Bubble Tea mobile application

In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. Server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...

Crazy Bubble Tea App 安全漏洞

Crazy Bubble Tea App is a Pearl Milk Tea ordering mobile app from Crazy Bubble Tea, Poland. A security vulnerability exists in Crazy Bubble Tea App versions prior to 915 and prior to 7.4.1, which stems from the server not verifying permissions and could lead to the enumeration of the loyaltyGuest...

openSUSE 16 Security Update : gitea-tea (openSUSE-SU-2025-20118-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20118-1 advisory. Changes in gitea-tea: - update to 0.11.1: 61d4e57 Fix Pr Create crash 823 4f33146 add test for matching logins 820 08b8398 Update README.md 819 ...

Security update for gitea-tea (moderate)

openSUSE Security Update: Security update for gitea-tea Announcement ID: openSUSE-SU-2025:0453-1 Rating: moderate References: Affected Products: openSUSE Backports SLE-15-SP6 An update that contains security fixes can now be installed. Description: This update for gitea-tea fixes the following...

Security update for gitea-tea (moderate)

openSUSE Security Update: Security update for gitea-tea Announcement ID: openSUSE-SU-2025:0454-1 Rating: moderate References: 1251471 1251663 Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N...

OPENSUSE-SU-2025:20118-1 Security update for gitea-tea

This update for gitea-tea fixes the following issues: Changes in gitea-tea: - update to 0.11.1: 61d4e57 Fix Pr Create crash 823 4f33146 add test for matching logins 820 08b8398 Update README.md 819 - CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by html.ParseFragment when...

Security update for gitea-tea (moderate)

openSUSE Security Update: Security update for gitea-tea Announcement ID: openSUSE-SU-2025:0443-1 Rating: moderate References: 1251471 1251663 Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N...

Malicious code in webdriver-manager-parcel-innercore-redgiant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2f785d53eb57cf7662b6f998c6b059fc8dab31a64d5eb9fe8f614df352667b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in levels-lacerta-entanglement-entanglement (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16642552a6d597c86591a4a1cbb8f43b1ad3684cde6618a09349b8f72810b1d1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...