Lucene search
+L

8 matches found

SUSE CVE
SUSE CVE
added 2026/03/26 5:7 p.m.5 views

SUSE CVE-2026-33249

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message tracing headers can indicate that the trace messages can be sent to an arbitrary valid subject,...

4.3CVSS6AI score0.00228EPSS
Exploits0References4
OSV
OSV
added 2026/02/19 3:17 p.m.2 views

GHSA-9PPG-JX86-FQW7 Unauthorized npm publish of [email protected] with modified postinstall script

Description On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: [email protected]. The published package contains a modified package.json with an added postinstall script: "postinstall": "npm install -g...

5.6AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/19 3:17 p.m.15 views

Unauthorized npm publish of [email protected] with modified postinstall script

Description On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: [email protected]. The published package contains a modified package.json with an added postinstall script: "postinstall": "npm install -g...

5.6AI score
Exploits0References2Affected Software1
OSV
OSV
added 2025/11/12 4:29 a.m.4 views

MAL-2025-144935 Malicious code in meteor-semantic-release-inquirer-pegasus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09d1b5167b18e8d059fdc524c027f92ebfb7134ffd5ec7a564dea081c41e2869 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/11 7:16 a.m.4 views

MAL-2025-106639 Malicious code in okta-lutis35-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d045b705a2e344682252b124cfd1dd26bf2fb74c064d497afe7e7391ff9b063 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/10 4:40 a.m.3 views

MAL-2025-52120 Malicious code in kiki-lapis22-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd98f4c5ec1fc03f3eda36f4f7b61b04a356f10a2d31fda18798ad7a9c2b6fc3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/10 4:5 a.m.3 views

MAL-2025-50367 Malicious code in fadhil-keripik41-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81d7f2345ddd8c567fff75e18c373d32539ed4ab1de5fa390da3a1b5abd554ea The package fadhil-keripik41-riris was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...

6.9AI score
Exploits0
OSV
OSV
added 2020/09/01 8:45 p.m.11 views

GHSA-PV55-R6J3-WP94 Malicious Package in eslint-config-eslint

Version 5.0.2 of eslint-config-eslint was published without authorization and was found to contain malicious code. This code would read the users .npmrc file and send any found authentication tokens to a remote server. Recommendation The best course of action if you found this package installed i...

7.5AI score
Exploits0References1
Rows per page
Query Builder