13598 matches found
EUVD-2025-201141
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
Malicious code in refactor-psi-xml-cold-sed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49df62b681f38d14d73246fbf7abeff09d01a5362d99320220c285c35bd561e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kastra-perseus-comet-deimos (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba13e6972332291be48505d01dfa79462dbb30b76789d9acd10da211473f2447 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in non-blocking-luna-axios-pegasus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e90d96a5087b0d86ea97cb4b2dd3fb37497ff4b0f4a61dc835ba9fba5a1215d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mui-reveal-md-registry-yaml (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76ad89d8331122a15bc7cf5f8f5bff6b20a31ed3a2ccc02e5573a1f7b14248ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lynx-astrobiology-exobiology-plutology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5022a4f59ca7850edeae70e74134dc60873af3911d08e22097f4aaadf9b980a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in child-process-concurrently-chakra-ui-node-sass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66acf8a52ab5f47e31e87daa88e9ccc679f3580c46543cd05ee50741b3f97448 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in run-script-koa-json-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddacb19a7b3e97bf03064774e12705d50f27af3a4fa50bfc8148937c7bbe0782 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in auriga-uglify-js-repository-thuban (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ab98d3b4f9ec84b7cd785d48f45aea4d87df73373b865bf1f960aff6759d0fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cladistics-markdown-pdf-helmet-betelgeuse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd738c7aa03702231879b831a4173493a9c29b30350ed0f630d5bbd30def03bb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in awk-encode-good-byte-uglify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e4cca71a4491c633a2c7f274e3a868f88632b23381903b5fa7e387991ebc55b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in genomics-biohacking-xanadu-cross-env (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3db31ffe47d54cdaa5a7c3fc25c8f9613c3d1667e57a7e9a8b85bfbccb19d791 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in proxima-dotenv-safe-carpo-release-it (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 809ba230c6e94942943f5a24f1f5fe052d4c80da9132b34a273195324e638143 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in book-good-old-sun-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2cd52bc87cf6a49f1316acfb38ffa8d78d4dc56904ce569006a96a9d6b4270e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in webdriver-manager-cosmos-mongoose-got (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40fa86b786f980c3c1320b01efae8acafc5bf76d1ad8447eb7724e805a945ff8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cordelia-indus-cors-dotenv-safe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b161dd83470ad8e5d5e7fae8eb08ea363c660e9e4d923d81d7c6716a5955553a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cryonics-publish-dactyl-pyxis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8e8225eeaac0b8916a2b89b7dcf39e7988138e6e430c4f6a4730306f251bdfa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in publish-airbnb-changelog-archaeoastronomy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ba327f3344b387071a4396d178c7fc38bbd4e9fa76c261ec5c8f657092af621 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in astro-cors-pulsar-neutrino (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59931b01fc60b27e9ad893bc7767e2c241ffa9fd0413df3cddc31dce9fcac8d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in quantumfoam-run-script-troposphere-halley (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c28a5eba8e1702bc9040b8858caf62a7744397b6b2d831244e7b07da5d7c6e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...