25 matches found
EUVD-2026-36418
Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...
Evasive Intelligence: Lessons from Malware Analysis for Evaluating AI Agents
Artificial intelligence AI systems are increasingly adopted as tool-using agents that can plan, observe their environment, and take actions over extended time periods. This evolution challenges current evaluation practices where the AI models are tested in restricted, fully observable settings. I...
MAL-2025-185678 Malicious code in authorize-omega-earth-abstract-assert (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b37e4245c69163fdc9865e5df8850709887150c4fa34928d8f0fee271852eb3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-173477 Malicious code in buta-fna-nafifagffa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9da2dd6c6cb78147341ec673f44ba1a717165addc42f09fcdaef038cbb166399 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in qori-papeda29-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53e728c9062bc0f5dd023c5995ed19593b9919c653ce1a33469ad3cf40e9d8b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-94353
Malicious code in variedwolverinez3n npm...
Malicious code in varied_wolverine_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bb442bf2af919246b8358c7b0b678aa1bb494e7c81418354d32b0ce04427800 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-88117
Malicious code in variedgalliformz3n npm...
Malicious code in varied_mosquito_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 267bc0ae0432a344a48cc451a6bfe4c17c4235f1ff8ac950b11b5567f8387888 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-75296
Malicious code in variedcrab-notthedevs npm...
EUVD-2025-75294
Malicious code in variedpossum-appteadev npm...
Malicious code in varied_crab-notthedevs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da6027e7c412e189b9cc959c2d4790728112487266e81cc91809011d782e5a44 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-77987
Malicious code in variedmousez3n npm...
MAL-2025-110348 Malicious code in varied_mouse_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b75f67668ed5a938e3a2ae1ebbe6a49fbced1d155cac8f67c75a529f2045c4f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in varied_stork_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e09b15b5287d21a35df5c941d7664defe6dbe230f45dd9197ee1dd680218ad8d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-96087 Malicious code in proud_iguana_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e3c2c00f31af61aac488526fd4f83d40a5df361f75c3baa7d7979e9aaa9a52b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-65593
Malicious code in variedturtlez3n npm...
EUVD-2025-51242
Malicious code in varied-red-yak npm...
EUVD-2025-51243
Malicious code in varied-copper-lemur npm...
Malicious code in varied_mastodon_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 893930a37ceddf429cda4bf02928ef4bc936c988695ed7a66bfefa72f66de318 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...