13598 matches found
EUVD-2025-201141
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
Malicious code in toml-apollo-materialize-hexo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e9f49e2bebc95df8cd832e85e4c59762a5d447566c87737a0b06568fcf2cbd6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in transpile-bundle-upsilon-decrypt-secure (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43f3b2cc46e9852ad1e5d13517a2fc8779647fdf4b1bb64c894398cade68b86f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in refactor-psi-xml-cold-sed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49df62b681f38d14d73246fbf7abeff09d01a5362d99320220c285c35bd561e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fomalhaut-ora-cybernetics-publish (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9964b1a5f5727aa60a83b521fded36b2099112209577c7f81b7be40560c99fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in unuk-eris-paleontology-spectron (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9329444c67fce09de6e11e7173d8332d45be1f00838ad069f07ca80098b44820 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in metalsmith-postcss-loader-magellan-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69fe8b0cbdd771e61ac7089387c9ddf8f95515c70c04cab19da6ce8437c56206 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in procyon-futurology-concurrently-sqlite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector efbb777c4ecbb465c34933492afb7944e16fe82f30adc44c0d9332b2cd1a299f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in char-cat-execute-eta-authenticate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9713342fe9737ab1d549067b7de055aba480da58db6bdea8625417cc3c3c0a33 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in magellan-vega-phoenix-hydrogeology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f2f66ecbac6b74c3a512bcdb85aaa1cb1f53a2ff5ad66a411a8b5dcfd3d8bd1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sudo-yaml-virtualize-encode-pi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 472230c24a499cc530e4f6f10d962aeb1fe1c8006af18fb249913614d62012a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jupiter-fork-axios-magellan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d618233585daa02221533466a8b12423cd094f4adae74b7a5095bb9e211871f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cosmogenic-astroinformatics-mesosphere-soap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51f5567535a8c7e5a16a20da17662eb0990505e3a08147a910886879f3674c79 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in metalsmith-ganymede-gravitationalwave-biogeochemistry (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd371531b6504d7302f781d1d49aa918cc42e03fda931b017ec70b39844a114a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in pipe-cloud-try-assert-grid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd568cad8ce32be5229100a77795fc873913ab9e69eb170a41cfc941c01ef28c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187511 Malicious code in interferometry-paleoanthropology-innercore-seismology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5111570fb96c1ba759d258ad82f85016f3ea249aa5656e2e525ebc6cfa974bbd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186638 Malicious code in draco-cygnus-repository-aurora (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd48d72c64c9fe1b6b0f79051ba805240b950b7b00b9f6379eaaa50d6ef54319 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187021 Malicious code in fork-omicron-socket-easy-array (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09dec83f01fe45716ab73eaf8f7a24f32dbc73e07c2b87df02a03f006c0a81c9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186288 Malicious code in configstore-quark-sync-callback (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30c3b67083ef101f23672989003756131308861e71de005811d2edde2b5f3f8b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187886 Malicious code in lynx-phoebe-alphard-betelgeuse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2cd983e727858c5619e228460839b31779706d69bbc1d9105c52641e3992bb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...