331 matches found
WordPress Spider Calendar <=1.4.9 - SQL Injection
WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execut...
ai.houyi:dorado (>=0.0.1 <=0.0.8), ai.houyi:dorado-core (>=0.0.11 <=0.0.51) +3602 more potentially affected by CVE-2025-70974 via com.alibaba:fastjson (>=1.1.15 <=1.2.47)
com.alibaba:fastjson MAVEN version =1.1.15, =0.0.1, =0.0.11, =0.0.16, =0.0.1, =0.0.14, =0.0.47, =0.0.14, =0.3.0, =3.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2025-70974 Source advisory: OSV:GHSA-JM7W-5684-PVH8...
EUVD-2025-175800
Malicious code in update-dorado-farout-draco npm...
Malicious code in dorado-hexo-sqlite-postcss-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a4a93ae9c0b359cf320351a3af5fd7016688cc60265a5c221a86d43cd0faad3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178801
Malicious code in gacrux-dorado-impulse-test npm...
EUVD-2025-175488
Malicious code in xerxes-paleontology-dorado-pavo npm...
EUVD-2025-179062
Malicious code in eris-sync-loglevel-dorado npm...
Malicious code in dorado-slidev-hyperion-avior (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1d9b51963730a8f63d82b2a36879f53b58198545402e1f775c81363ba94df60 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dorado-norma-sequelize-hydrogeology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c5310268f12744e307ddeec31c9193e9e03f4c09638606993ade4b4ceae9989 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177399
Malicious code in oscillation-grunt-magellan-dorado npm...
Malicious code in dorado-jest-gatsby-fornax (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3af9de4e8e9dafb88bdd63a361c5362004e17237ed4fcee7acb6bc660c15eecb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188825 Malicious code in private-dorado-grunt-jupiter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f11eb7d0cf109b91dbe253864f2c5180d4dd0f625e3fc93c690844a23ac0b9a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179274
Malicious code in dorado-jest-gatsby-fornax npm...
EUVD-2025-177118
Malicious code in pm2-dorado-lithosphere-gravitationalwave npm...
EUVD-2025-176796
Malicious code in rate-limiter-areology-dorado-apex npm...
EUVD-2025-178556
Malicious code in helmet-radiant-babel-dorado npm...
EUVD-2025-178250
Malicious code in juno-areology-dorado-webdriver-mocha npm...
EUVD-2025-179276
Malicious code in dorado-hexo-sqlite-postcss-loader npm...
EUVD-2025-179273
Malicious code in dorado-norma-sequelize-hydrogeology npm...
EUVD-2025-179019
Malicious code in ethology-zephyr-dorado-browserify npm...