330 matches found
WordPress Spider Calendar <=1.4.9 - SQL Injection
WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execut...
ai.houyi:dorado (>=0.0.1 <=0.0.8), ai.houyi:dorado-core (>=0.0.11 <=0.0.51) +3600 more potentially affected by CVE-2025-70974 via com.alibaba:fastjson (>=1.1.15 <=1.2.47)
com.alibaba:fastjson MAVEN version =1.1.15, =0.0.1, =0.0.11, =0.0.16, =0.0.1, =0.0.14, =0.0.47, =0.0.14, =0.3.0, =3.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2025-70974 Source advisory: OSV:GHSA-JM7W-5684-PVH8...
Malicious code in dorado-norma-sequelize-hydrogeology (npm)
Source: amazon-inspector 4c5310268f12744e307ddeec31c9193e9e03f4c09638606993ade4b4ceae9989 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-175488
Malicious code in xerxes-paleontology-dorado-pavo npm...
EUVD-2025-179501
Malicious code in cross-env-dorado-eslint-config-zephyr npm...
EUVD-2025-175800
Malicious code in update-dorado-farout-draco npm...
Malicious code in dorado-spectron-webdriver-spectron-cache (npm)
Source: amazon-inspector 7d89c14e7aa074c70529c5ea2e78d695c2f8741dc72356cc92dcc4df097c7884 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179277
Malicious code in dorado-development-troposphere-futurology npm...
Malicious code in cross-env-dorado-eslint-config-zephyr (npm)
Source: amazon-inspector 0985a4ef455f65277df5cbe81f64d7157822a1f417ec13d808b81967e4ce8e28 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186608 Malicious code in dorado-jest-gatsby-fornax (npm)
Source: amazon-inspector 3af9de4e8e9dafb88bdd63a361c5362004e17237ed4fcee7acb6bc660c15eecb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189017 Malicious code in quark-dorado-ethology-loglevel (npm)
Source: amazon-inspector e9270626698c8706953e8ddc2fe61d99577497576cc954a81c95ae6ad4a0c625 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179019
Malicious code in ethology-zephyr-dorado-browserify npm...
EUVD-2025-178556
Malicious code in helmet-radiant-babel-dorado npm...
EUVD-2025-179276
Malicious code in dorado-hexo-sqlite-postcss-loader npm...
EUVD-2025-179296
Malicious code in dione-dorado-apollo-mongodb npm...
EUVD-2025-178548
Malicious code in hercules-css-minimizer-webpack-plugin-cz-conventional-changelog-dorado npm...
EUVD-2025-179187
Malicious code in elara-jovian-dorado-biogeochemistry npm...
EUVD-2025-178801
Malicious code in gacrux-dorado-impulse-test npm...
MAL-2025-186611 Malicious code in dorado-spectron-webdriver-spectron-cache (npm)
Source: amazon-inspector 7d89c14e7aa074c70529c5ea2e78d695c2f8741dc72356cc92dcc4df097c7884 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187081 Malicious code in gacrux-dorado-impulse-test (npm)
Source: amazon-inspector 5c65b3ff1c02ec4218b6d3cfd1acef8705073c0a75768296613710e6fd716088 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...