10441 matches found
Malicious code in afraid_silverfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ccbe821e5c03fa6899f9e05f4443e56afbdf6b9d6185f504f5cbb08acea7127 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in whole_reptile_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 841b69b022dca1db354a29a3b606bcd7b4c58c22daeaedc65f5bf6f1f4cee5d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-91699 Malicious code in vera-klentik50-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b1d3b217e3dcb2a98c6329fb78356354d9580ecbb2921f76ef7f80724efbebd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-86194 Malicious code in hadianto-dodol17-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b96bf6f6814099980dcd9e33c78ccaab79205a040bad0104795fad1163e2b5f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in influential_albatross_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47ed83ec02821c9903b7b98458496ed5eadfb3bb05ad8f699e8e900a8b4d3037 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-89384 Malicious code in patria-getas63-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5398a9bfaf3de2b1246cc03a19aa8606032eb2ac946270e31258ca3f9c421f73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-91504 Malicious code in umi-tapai86-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7b0f7e78003b4327cc72d1546a2678417a7f78db3076b9bd9d7e2394824b5c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-83266 Malicious code in arif-gembus18-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a30baaea6406e8010d5c500b0d8db3a951cc443946c3eda82990d8f49f4fc3f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bella-tahu62-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6362cd6ca2e6c9fe2a53e3d990b47b3497faddebcb155068487c9d4aa76b843b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in indah-rangi90-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8df1ba4ac4415b21f91595cee12d26b0aaa53eba546955b27d292a09b47079a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-11894
The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...
MAL-2025-76970 Malicious code in bambang-teh12-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 539d326b8b78ce973c178cc72ea5a0ca1c8aab6799aa5209e0a4ff721ceaef42 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lina-lepet72-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a57054635caad9d9dc621f1edc61f850afa8cf2571c840af55e51a0f27fb83d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in qori-lontong82-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58731da5d51cf979f3b448a55b122c10758bcfb86ecc597877a2c8a1e60662e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-76857 Malicious code in andi-tempe15-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2004d468fce32be558925096d8b6cfeafcc0a90a021b7d569983ef389911258b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in biological_giraffe_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c5bcae5465976c24198ec96e10a138805724da6951ba3e9744235ab38a43ceb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ida-lepet22-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b80d52b52e11d5091f352ebab9b07587cd530c65947910ca59f3d6f656fbbae2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-81543 Malicious code in surya-rangi42-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b883cc588e04920f64b18145d8ecbfc3205be2bd672789aa0b3d8f7b69f735c5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-12526 Private Google Calendars <= 20250811 - Missing Authorization to Authenticated (Subscriber+) Settings Reset
The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...
EUVD-2025-60994
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider.�This could further lead to disclosure or modification of information about the server. There i...