20 matches found
MAL-2025-185253 Malicious code in tuis-kjt-garfuafaakvdyfimas (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a83cb3bf727dd1ae8b0957f44ec4a7ab301f32aedfbfe78c927872ea47f9ff8f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sonic-oig-tmoerocnaca (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a78815db86c598134d1d064ec5d190d96ada7a3b9e87376860c806273b1c905 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teagood-cuekin55 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48bcede3bd1901d2d9b3b5462bd693735a80ae9986173b5a7919a7c20e94a932 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in alfiansyah-poke63 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 704fae2bd078ccba3987a560ddb4e41779f0d851f933fc4162e946d02f4ce9fe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-151098 Malicious code in abang-poke49 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 265a3ba2a926350281bcfac9015ae95f6d67c9788f16ba49a0b6fd8e413bf6c9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-152110 Malicious code in aji-poke4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df14e4aa6aed135d0a26c74e249920ea76bba4084aea5a551ea4813e14185b1d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in slamet-poke109 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06595dbfe70901918961a56092ceaef6483a5e1fd988d50e5805dc9f27641efd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-143272 Malicious code in hercules-betelgeuse-build-release-it (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af8705cb1053e89ed2a14becdd01e0d3d70ae1c4a565c3176eac6a1bcd5fd245 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-145245 Malicious code in mysql-farout-morgan-supervisor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d17d6cca1564673afeeac69a3122e8b70e262fad2863a5d0639b1f4bc676a74 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-108363 Malicious code in sari-lengko14-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8a96bd556a00d4e19f6d58fb4fc31b6fbca4aea776239e5fb8e3e0c781ebc02 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-96571 Malicious code in shocked_coral_requirement (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3e58284a479dd5fa4aaa9cea99cb16e9c02760cce2f00cf88833970dac9f88b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-94922 Malicious code in illegal_hornet_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a58f9cf86fed06fdb403292caa0e27f458c9a869159104a866de37af02715943 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-81057 Malicious code in rifqi-mendut96-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4073d9607ccd2088fa6ebbbcc6d4699bb45c1a46f8ac201178df3b2bf83135d8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in scary-apricot-aardvark (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8cd334369bf2715f3c0b7fbcf7cdbbbc4cdf710e787729355e11dcba48c5a09 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-64270 Malicious code in maya-kepok61-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 183e2b8df5a6852bea85bd761236ea502dc35970b9957b182a5093d9bccfefef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-53725 Malicious code in irma-lapis55-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43dbe56911e418bb64830cf842db3931ca6f6ab03d393afe807510229e9f0693 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-54781 Malicious code in sari-asinan99-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 870e344341628fa582c142f4e38ad950e286519699374696ac5da6fd5eddfd7b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-25025
Malicious code in bioql PyPI...
CVE-2025-9052
Summary: CVE-2025-9052 affects projectworlds Travel Management System 1.0. A vulnerability exists in the /updatepackage.php file where manipulating the s1 parameter enables SQL injection. The issue is exploitable remotely, and public exploitation information is available. Multiple connected sourc...
CVE-2025-9052 projectworlds Travel Management System updatepackage.php sql injection
A vulnerability was identified in projectworlds Travel Management System 1.0. This affects an unknown part of the file /updatepackage.php. The manipulation of the argument s1 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and m...