11 matches found
MAL-2025-190787 Malicious code in vite-plugin-httpfile (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d63741ea6b6aadbc224aabf56e98c5eb7b664d7554dbb502869a97ffffb2f46 The package vite-plugin-httpfile was found to contain malicious code. Source: ghsa-malware...
Malicious code in ariel-markdown-arcturus-terser-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f906563d9aed4a7980a31a32bfc6ae14daf13ed46d446a279c6169602dc258e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rollup-plugin-solis-nashira-ophiuchus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e063306d0ace405b4675d9737c8065008de10a8d47a009069e48b9c53f1b196f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in xerxes-public-eslint-plugin-quantum (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd2d15fdd3e3f0c5477368f312b0532431a264e618e809ebbdf7474e454016b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rollup-plugin-callisto-figures-cosmos (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4e3ad75f95ef1ab6168c2fc7ffe683dfbcf10052f2ad2549c971e1a6e3d55b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-146497 Malicious code in prettier-plugin-markdown-uninstall-jupiter-umbriel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 016a965ba834659af21a9a6e5d253b93b8c12b8879febe52cc900dcf8c2a290a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in quito-request-karma-html-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c90bb0614863aef8fa9c825f50394f601085ce72fe96a6c0d37ac4d097153fc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cybernetics-callisto-commitizen-rollup-plugin (npm)
The package cybernetics-callisto-commitizen-rollup-plugin was found to contain malicious code...
CVE-2025-46824 Discourse Code Review Plugin vulnerable to XSS via auto link commits
The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin...
CVE-2025-32118 WordPress CMP – Coming Soon & Maintenance plugin <= 4.1.13 - Remote Code Execution (RCE) vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.13...
Information disclosure
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection...