5077 matches found
EUVD-2025-116938
Malicious code in acamar-arcturus-procyon-csv npm...
EUVD-2025-113324
Malicious code in galaxy-csv-middleware-levels npm...
EUVD-2025-114768
Malicious code in csv-build-rigel-superagent npm...
MAL-2025-148545 Malicious code in terser-webpack-plugin-csv-transform-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea2dba0f2f9be6ad4f163dc677a2d1d35025a99545cda5729227a326971c4bc4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-144818 Malicious code in meissa-nightwatch-csv-publish (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbf16775a922ff209eef6415af4c39eccd0f1777820ea77c8cb9fcd70f4c9295 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140976 Malicious code in commitlint-csv-auth-oberon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f38ec831b063c5df584e2cbbebb9f222f1a0f88cf465297439c89873f5634853 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-146135 Malicious code in phenomic-javascript-remark-csv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 315149a5727b357bfa3b12aeac62126a15734f48ad61a49ce8b7ce4875619e01 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142215 Malicious code in eslint-csv-galaxy-protractor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd45e16c796e796ce2867f6edaf3c1ecb8afd063eb8315db7cf688fcfe950107 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-145533 Malicious code in node-sass-csv-nconf-algol (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 523cf84acb42076535525f5ee44480f13fc5d4564b1c0479f949ce1be4936ca4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eris-miranda-csv-halley (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08de3a8d81298ce8a508487d4353acf11b5e3fed26f67cac0a62919a1ba1851b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-113283
Malicious code in ganymede-xenon-public-csv npm...
MAL-2025-142788 Malicious code in galaxy-csv-middleware-levels (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 265a90c0ed8d48568ce28902e224b77e7b8d7911333c8d1ab524cabdb671285f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142072 Malicious code in envconfig-csv-build-chai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa540d749d3bafec4df5a69032f942824402ebe3bf915276f5f9071e5251564c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-146923 Malicious code in quark-csv-draco-procyon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9080c335f4716783b757edb5e4194b3a55d2cc2f22771bd3c9e86bb62589188 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-122800
Malicious code in registry-csv-corvus-mocha npm...
WordPress plugin WP Import – Ultimate CSV XML Importer for WordPress 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin WP...
CVE-2025-12042
The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the csv-export.php file in all versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to directly access the file and obtain an expo...
EUVD-2025-38359
The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the csv-export.php file in all versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to directly access the file and obtain an expo...
CVE-2025-12042
The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the csv-export.php file in all versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to directly access the file and obtain an expo...
CVE-2025-12042 Course Booking System <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export
The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the csv-export.php file in all versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to directly access the file and obtain an expo...