Malicious code in complete_beetle_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b793377f05bc4aff1944b1c97b6f761ecabda187916c2b0f112234cec0a9c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-92689

Malicious code in completelemurz3n npm...

Malicious code in complete_lemur_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8e58133dd7e41c49f311a0162e52898d29daf70de4fc515a37a15655d23026e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-92688

Malicious code in completespoonbillz3n npm...

MAL-2025-100766 Malicious code in complete_earwig_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dd1f55f2a9f5271cbde624716d64514c54ac6420bbec5041bddff53d226728e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-79579

Malicious code in completezebraz3n npm...

EUVD-2025-60935

The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2025-12658

The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2025-12658

CVE-2025-12658 affects the WordPress plugin Preload Current Images (versions up to 1.3). The vulnerability is a Stored Cross‑Site Scripting (XSS) via the complete parameter in the preload_progress_bar shortcode, caused by insufficient input sanitization and output escaping of user-supplied attrib...

CVE-2025-12658 Preload Current Images <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...

EUVD-2025-55285

Malicious code in complete-blush-python npm...

EUVD-2025-55282

Malicious code in complete-tomato-tiger npm...

EUVD-2025-55283

Malicious code in complete-pink-snake npm...

Malicious code in complete-blush-python (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8aed78f35a70414a461899bc1a1e0d81bd66ad02adac8a6307adb1c2d8c6342 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-67364 Malicious code in complete-blush-python (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8aed78f35a70414a461899bc1a1e0d81bd66ad02adac8a6307adb1c2d8c6342 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-55284

Malicious code in complete-moccasin-xerinae npm...

PT-2025-46418

Name of the Vulnerable Software and Affected Versions Intel Ethernet Adapter Complete Driver Pack versions prior to 1.5.1.0 Description A time-of-check time-of-use race condition exists in some Intel Ethernet Adapter Complete Driver Pack software within Ring 3: User Applications. This may allow f...

PT-2025-46286

Name of the Vulnerable Software and Affected Versions Preload Current Images plugin for WordPress versions prior to 1.4 Description The Preload Current Images plugin for WordPress is susceptible to Stored Cross-Site Scripting through the complete parameter within the 'preload progress bar'...

Malicious code in complete_mockingbird_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b157f7a6d43222019638f19f8317d4a6c76a6a613a14986d9290b200fc1ee429 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-50532

Malicious code in completemockingbirdz3n npm...