PT-2026-43158

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument plugin version results in os command injection. The attack may be launched...

Malicious code in filament-axios-node-config-jasmine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01b4ca708c825886f59edaa9b7603233077a52e4be38ca0410b533b306826913 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lambda-transpile-gamma-omicron-resolve (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f99f0348d7e173dc7912d39e05ba519748d07e0d15a2ed0eb9e7b1a0fef1428 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in exoplanet-genomics-thermosphere-phoebe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c3eb6aa62f0ef2efdeb2e5a6edc6dd0fc792ad8dd18cec6011451d9b9b53b6a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186345 Malicious code in cosmochemistry-gemini-release-it-neuromorphic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c41718fd69b8698a75fab60d886012af544c433ee2dc1ff773bf84cb35cfa684 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185893 Malicious code in bootstrap-solis-bulma-zooarchaeology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd3c4b90b728e10c24b350f3bbaa8da21ea46f25f548e1c3a7dbb67672704c24 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eslint-plugin-semantic-release-chalk-fusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7f76b381638ad18356b8c8d18b10785d541bf3b50f7d3ed0032bd37f205212b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in index-chi-grep-nu-wind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 946e14211b226c9fbfa8034384b11c7e0a59c7788f474de387a9830d62d259bb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185424 Malicious code in aldebaran-thuban-gacrux-apex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89edf3df3532bb49c2c76748f619d106892eaa539e1416145739aa8a307a1f0e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185969 Malicious code in cache-simple-awk-sudo-class (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 802dd61e2bb009c247c01e639f24d56321322ea9411258462212b63efbbf3525 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188606 Malicious code in pegasus-scripts-antd-antares (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 148f133e1fcaf9e6b0f51a92e0b77ef41f1bdf6ed12f5efd4ca90fe15c72a9b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187449 Malicious code in index-chi-grep-nu-wind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 946e14211b226c9fbfa8034384b11c7e0a59c7788f474de387a9830d62d259bb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190479 Malicious code in zeta-lambda-abstract-eta-secure (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b820d228c75228585ef00e24bee4183f5a0dff3ec86ddc4b9cc4727395b97ed5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rain-theta-thread-star-simulate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3986a9a02494b35678a795f640466720c5fe1b0abe17f68d5b83e94604660e84 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188504 Malicious code in paleoceanography-sedna-axios-apollo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 417a4d25dc5489d82b9a2aaefcffbab73253602a3712853452dca2b81765fd6c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in scale-compress-minify-wind-interface (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74cf00479e7cd2290e4a0ccc2c84047c9a059d424a668bd7c886f48e901c9c1c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186369 Malicious code in cressida-jwt-loglevel-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c579391a28b717cc3bab01d83cefe0a9573ccb0c4b8dee4c27e98fcb9b1adac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fermion-solis-wezen-browserify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c64341b959ec7e33415d9299b117759d3127f0dc1de6b32f0137c1ad514a098 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in superagent-planckscale-prettier-transform (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fca005387f6cae31e007b8f9b1d5e146cfcca77b5b5758630e77c134eed57fc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in void-exoplanet-ganymede-geodynamo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c9a2c790225f2e208964e0a25bd71c0f64b5307be9ad53a6361c7098f046d5e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...