13598 matches found
EUVD-2025-201141
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
Malicious code in radioastronomy-mongoose-inquirer-hyperion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98b90a3ad43fd3d17f857f0d6f4fe80c069a4b11b70c9356b9193d840d067320 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in seismology-jabbah-exosphere-mini-css-extract-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c45e15fb1d80e15c00756ba9c83738595f758665d0520bb6e276352be59c01b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in paleoclimatology-eventhoriz-areology-higgs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69773d9a5c3889d618b425370e12b0c6366104d947651f8e479e7215d1ddd1f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lyra-warp-dactyl-interferometry (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0443e66fbe5e2851fc2339642f366487cc1173568243d8b77eee088e5e787a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mysql-quasar-nodejs-node-sass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ebd850e11f96234af50b605f1a2c8caa8de160561576373c59874ee07222b79 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in radiant-cross-env-neutrino-local (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aadfcd3521c85f083a4e6d18c4f8c6278368aff470db93bea8a5a10d451720be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vuepress-auth0-meteor-duplex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e3abd4857b3587cf1ea5f38d4882fcf6ee464d5b448188b97a37f8487635164 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eclipse-triton-avior-yonder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e452f33f4d946135197dd190e23dc7ccad92501decc88c03373713cb28a1fcb2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jupiter-fork-axios-magellan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d618233585daa02221533466a8b12423cd094f4adae74b7a5095bb9e211871f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in metalsmith-json-husky-dotenv-safe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 478b97c7a91f7c4306ed3e704e7d987f5ad1bfcf878a6b3f756ab08441f24198 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sed-promise-book-sun-lambda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 487591f91c88820f45d772a5bf89be52c050f84212384436653e93167d3682bb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in antimatter-celeste-meissa-cryptography (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d037036ebf23d884cfa774f83f05be5e6f54db51f57b71abb7497b085259edab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fornax-materialize-sails-dactyl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e47cd906f3eac5ef7031e9e276accc0a01baa2d72f585d855e5404f4ed629f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in virtualize-kernel-string-cluster-mu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d02c544b6174c41d110ce11583c5dba92e8bbbef11967198039392a66f0ce6a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in transport-xanadu-delphinus-achernar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beb9f2ccb9d5c8590e1737a03651014399d524be681aa954a7567bf8f1ab7a93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sed-sigma-mock-finally-virtualize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f0a41fd08cfcc94af80445f4cbcacf1f1a3025d1f4d341f2ade3f5e5609b5c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in achernar-elara-flare-lyra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71604e145a0b1443f49a3500745d187e525fc1f9757d251712ef14e8943f17f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cache-cat-index-async-small (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7e9349b68caace5888139d6b847199008fcdcf3f6ecac1191d7bf29cd1b8790 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cold-hot-beta-log-daemon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9a7f8a4e041fa30770c77c28ed0ed77e8a0b512d546aac9d12dff4a25c02072 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...