38 matches found
CVE-2026-5364
The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing the file type parameter to be controlled by the...
Malicious code in spectron-webdriver-async-primatology-canopus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4810ee66c68692cb4e0793f469d0d3874bbb2255c23b0dd696e904d2e43f0c2d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in xenos-xanthus-celeste-react-bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e905ee031b2c4ef7912618f1d64a99f35e6da479055f1504c5b29a0adaac500 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-176165 Malicious code in miusan-faud-aneraf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73f9d866572064c6a43b943b8200610cd1ec30ff7f859d0801881c272d9a790d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-171631 Malicious code in nasirqadir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1485b8466baacf5f808a74021df6792658a5c0e536ed3f28fe571816771a6f3f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-150055 Malicious code in @mipta1/ijahia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d1e40db3fd81f97d45845e5ce4c845ac909d16fab9405bdb6244f5b0c7a8833 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in avminah-fagmas-adgmifaga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca5be06952ebce81287161ad0d2f8744f49a103b35ac956781bb9d17fc995a72 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in aibopuna-mobile-arpnabi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2e005d0808956fe5553ae1935bc6ac5fc2f7a78b9c9e7eb839588d6a8273f4f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-166825 Malicious code in teagood-cuekin58 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6be57b1fe9eff229d23f0716fd00dca397bca4d38e39b4911663eca0b7ee810 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-158346 Malicious code in lookingan-konami81 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36129a4362f716737e5fbe02c3673096289c257168fd4aa24c05bd8baf743d09 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in keyla-poke38 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 966dad035e3afeef64989da370f2982764711d9a040a6c5fb6cf02fc553d960c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dajouka-ds-tac (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1db1c13ca806fc4dbf787d2878ab7a74366663c9635732c3c0a33ee6341b8090 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in javascript-dotenv-quasar-spica (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 996a3dae89f9b7e3bb0b73ff7640c83fb95b29c9f700d3dfa3ecbecaa30be33a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in exec-markdown-pdf-lyra-postgres (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ba57287ed1f74c1a4a3b805756b3c4022fb5695ff5ffedbc4695321e339df30 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in docusaurus-sync-aurora-aquarius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de322dc14cbf09d6210fe4f1063f229a8881ac8ba3a9ed3a70a31dd85cc166d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in yakutsk-dactyl-ini-astro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf395e7b3693a939d7ad32c6e4cc5ae06e04fa347b15775871942a5e6c28d16d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-130814 Malicious code in umi-keripik81-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b47bfd3982f2da5aa6079b88e16e98d490fb673f3f31074280aa2366d64f87d3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eka-sego96-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49d85cebce5d1d6b5a81905b48b09a01aaf2eb666af619cd4531456da89a993d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cindy-mendoan83-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc06dc7dcbf70153af58b1737e90d28c2683da3a1e729ba2c0d10a60817861f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-123806 Malicious code in umi-kue26-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12915c47fcccbc2417066aa41afc7db4d470cd37ec094171ac5332ee766332f7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...