@hocgin/ui (>=4.0.43 <=4.2.13), ame-miniapp-components (>=1.4.10-beta0 <=1.6.3-beta1) +5 more potentially affected by unknown CVE via react-adsense (=0.1.0)

react-adsense NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-adsense and may be impacted: - @hocgin/ui =4.0.43, =1.4.10-beta0, =0.30.0, =2.0.3 - hello-tea-js =1.0.0 - jie-web =1.0.0 Source cves: unknown CVE Source advisory:...

Security update for gitea-tea (moderate)

openSUSE Security Update: Security update for gitea-tea Announcement ID: openSUSE-SU-2026:0073-1 Rating: moderate References: Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-58190 SUSE:...

Security update for gitea-tea (moderate)

openSUSE Security Update: Security update for gitea-tea Announcement ID: openSUSE-SU-2026:0074-1 Rating: moderate References: Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-58190 SUSE:...

openSUSE 16 Security Update : gitea-tea (openSUSE-SU-2026:20318-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20318-1 advisory. Changes in gitea-tea: - update to 0.12.0: New Features - Add tea actions commands for managing workflow runs and workflows in 880, 796 - Add tea...

OPENSUSE-SU-2026:20318-1 Security update for gitea-tea

This update for gitea-tea fixes the following issues: Changes in gitea-tea: - update to 0.12.0: New Features - Add tea actions commands for managing workflow runs and workflows in 880, 796 - Add tea api subcommand for arbitrary API calls not covered by existing commands in 879 - Add repository...

0.2-ui (=0.0.1), 0xgank-tea-advice-pull (=1.0.0) +15830 more potentially affected by CVE-2026-27606 via rollup (>=0.10.0 <=2.7.6)

rollup NPM version =0.10.0, =2.7.6 is affected by a known vulnerability. The following packages have a transitive dependency on rollup and may be impacted: - 0.2-ui =0.0.1 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory...

CVE-2020-37012

Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX payload with shell commands that are executed when processed by the application's tex2png API...

CVE-2020-37012 Tea LaTex 1.0 - Remote Code Execution

Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX payload with shell commands that are executed when processed by the application's tex2png API...

CVE-2020-37012

CVE-2020-37012 - Tea LaTex 1.0 Remote Code Execution Affected: Tea LaTex 1.0. The vulnerability is a remote code execution flaw that allows unauthenticated attackers to run arbitrary shell commands by crafting a malicious LaTeX payload and submitting it to the tex2png-based API action exposed at ...

CVE-2020-37012 Tea LaTex 1.0 - Remote Code Execution

Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX payload with shell commands that are executed when processed by the application's tex2png API...

CVE-2025-14317

In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. Server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...

CVE-2025-14317 User Enumeration in Crazy Bubble Tea mobile application

In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. Server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...

CVE-2025-14317 User Enumeration in Crazy Bubble Tea mobile application

In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. Server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...

Crazy Bubble Tea App 安全漏洞

Crazy Bubble Tea App is a Pearl Milk Tea ordering mobile app from Crazy Bubble Tea, Poland. A security vulnerability exists in Crazy Bubble Tea App versions prior to 915 and prior to 7.4.1, which stems from the server not verifying permissions and could lead to the enumeration of the loyaltyGuest...

openSUSE 16 Security Update : gitea-tea (openSUSE-SU-2025-20118-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20118-1 advisory. Changes in gitea-tea: - update to 0.11.1: 61d4e57 Fix Pr Create crash 823 4f33146 add test for matching logins 820 08b8398 Update README.md 819 ...

Security update for gitea-tea (moderate)

openSUSE Security Update: Security update for gitea-tea Announcement ID: openSUSE-SU-2025:0453-1 Rating: moderate References: Affected Products: openSUSE Backports SLE-15-SP6 An update that contains security fixes can now be installed. Description: This update for gitea-tea fixes the following...

Security update for gitea-tea (moderate)

openSUSE Security Update: Security update for gitea-tea Announcement ID: openSUSE-SU-2025:0454-1 Rating: moderate References: 1251471 1251663 Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N...

OPENSUSE-SU-2025:20118-1 Security update for gitea-tea

This update for gitea-tea fixes the following issues: Changes in gitea-tea: - update to 0.11.1: 61d4e57 Fix Pr Create crash 823 4f33146 add test for matching logins 820 08b8398 Update README.md 819 - CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by html.ParseFragment when...

Security update for gitea-tea (moderate)

openSUSE Security Update: Security update for gitea-tea Announcement ID: openSUSE-SU-2025:0443-1 Rating: moderate References: 1251471 1251663 Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N...

Malicious code in polaris-publish-vortex-jekyll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebce85812e6fc46ef9fcc86a5c7993e6c77bffb1288c327defb1b194eb04254c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...