13598 matches found
EUVD-2025-201141
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
Malicious code in refactor-psi-xml-cold-sed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49df62b681f38d14d73246fbf7abeff09d01a5362d99320220c285c35bd561e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kastra-perseus-comet-deimos (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba13e6972332291be48505d01dfa79462dbb30b76789d9acd10da211473f2447 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in char-cat-execute-eta-authenticate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9713342fe9737ab1d549067b7de055aba480da58db6bdea8625417cc3c3c0a33 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in awk-encode-good-byte-uglify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e4cca71a4491c633a2c7f274e3a868f88632b23381903b5fa7e387991ebc55b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190116 Malicious code in ursa-readable-astrophysics-wolf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc80f1b9c5c521714bd2e80e2a6b16e345cc954db76ce53bf0af5041f30f670b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189630 Malicious code in spinner-uranology-terser-astrophysics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da7f5234df5681f13b658fb2fabff25e4b06dd41215f41a2a1bdc11964a46de9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188810 Malicious code in prettier-stylelint-astrobiology-loopback-sirius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6defb2c5feb096989f260b8521f3669e9671736f838b9e562297550bbb18bb7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187309 Malicious code in heka-relay-grunt-gammarayburst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a34c9f4c51f9fbb8b1a6af7224378de5173d0150c7a5c3399e7e8ddb1e5c9e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190445 Malicious code in zenith-cladistics-plutology-luna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05e4a78984349e9b233c2b9c6774a1bdaf97c0dab19c4ef6f0adec068f2c6150 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187674 Malicious code in kaus-atlas-aurora-promise (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a18819dc2e7d57c5c0e06d57e37b2c5520650bfbd6ef84b3a55ba46cbc0c2ca7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188030 Malicious code in meteor-paleoclimatology-firebase-chromedriver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a821cc361348d4284aa6f017dc34b7f3425d8f343062bed1071a8761fa8318c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185762 Malicious code in bash-xml-transpile-good-catch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c110031cbd21ee061558e5100a9248d1164f381595f8ccb51846f7926733560 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188615 Malicious code in permission-resolve-function-fast-try (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 459860edf67e24cf65eba1b81de8a35d10e8de00a10c131af68c3734515c11af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189889 Malicious code in test-star-web-zeta-minify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14ee65ad7947ed824c06235e38a3aee5d27831c7878012cb2c3e1878731ccf6c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187501 Malicious code in integer-omega-virtualize-star-meta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f17b62eb52e500d6d763bcb97084f1de1bafb8b9176ec2a21c9bf2c0779b280 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185650 Malicious code in auriga-parcel-soap-nashira (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbe5b1c35448ad73eef103c3a367ab3cbf211d6af7d8138c9531cad4d079c357 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188596 Malicious code in pegasus-kinetic-betelgeuse-selenium (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1eeb701dbb42b94c86f002ac002aff1581d8e3f416669abce192f22f0f377d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188903 Malicious code in protractor-wezen-repository-quantum (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed5572cbba6910aff31d33872e7ebb22412069d2c898fa10089c3aa097cce407 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188754 Malicious code in plutology-release-it-despina-arcturus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52a749c6fc4371a3c2293723768a233f315f8ed6aed6c686b69a16951edb77c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...