CVE-2026-26334 Calero VeraSMART < 2026 R1 Hardcoded Static AES Keys Allow Decryption of Service Credentials

Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...

CVE-2019-20483

An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS Payload, and read another user's cookie and use that to login to the application...

CVE-2019-20484

An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in...

Malicious code in vera-kripik87-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a3312cf16510ebfe179e02bd95d9d7703e411f94f3f6ebc30aa5a478c01b836 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-137719 Malicious code in vera-nasi97-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf511f1d547eb01cab62764bb935123042597841b77f413802e79765a7ed7ff6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vera-kepok31-sumpek (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59b11359caf173a5874ceca310a5d680f9c47601f83778d8a47efcee0cc046ea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-137736 Malicious code in vera-semur4-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector feeb023f51ff071f4eba171a313eda9ae92dd7bd049d585181340fff8d92bdbc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-137749 Malicious code in vera-toge58-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 041ab0929c60cba0553cbb61ce954429bbf93a7ec49ce5d5ed3f0dd803b9756f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vera-takokak29-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1e2320e44b341df0fb64145af30d02f4852aa990aae86e27a4b76e337f29a78 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vera-miebogor61-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e12e1138993f80d9bde1672db663aaf68acd04fefc9585db6784db29bd7d665c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vera-gaplek2-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9afb12114a16a0827f134bbd0195a6522a79bb0577a2944151d645294a610714 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vera-donat49-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84d2d5cc1706a731f9dcf35d6bd0cbce97210406416dc23a902841ded221acbb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-137726 Malicious code in vera-rawon96-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba32736e814a288dc25b63a5fc37e30fefdd47e549c1bd1128b27f4cd74551c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vera-soto36-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd45c3aa56665ced560cb74a35cca9b9a9468bddbb928019a284365048b1ee46 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-137718 Malicious code in vera-nasi48-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f445f2cd3eca35df546cf37ea97c918758f35f1d7fc5c955b2b23faf3fe3547 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-137748 Malicious code in vera-tempe15-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43c6a2d293ac06f4f4c2207c8454570c89c073e9c97ee6e42927e8810255f85f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-137696 Malicious code in vera-gaplek2-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9afb12114a16a0827f134bbd0195a6522a79bb0577a2944151d645294a610714 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-137716 Malicious code in vera-naget47-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 804cef029fad14c91bd2a0a2664dbebebd99f6dba76e9c539739af6fff8d5dc1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vera-jamblang72-sumpek (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ddaac23346fc7fa5b18b23864fb0eb31d85ea24a7769296e16abdb3a5051881 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vera-bakso46-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20f0a14ed5f441a35dc15f4d79f478d0a434914b696c607c2aaa01f71555ec0f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...