EUVD-2025-201141

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...

Malicious code in book-good-old-sun-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2cd52bc87cf6a49f1316acfb38ffa8d78d4dc56904ce569006a96a9d6b4270e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cosmogenic-astroinformatics-mesosphere-soap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51f5567535a8c7e5a16a20da17662eb0990505e3a08147a910886879f3674c79 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cassini-hawkingradiation-rocket-sedna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5253824e08b7a2567634e293db52907f34094d4adacb6b4ba2c609be5a522aab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in winston-leda-mesosphere-umbra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c55ac0c1e1677bbe795f58c9d6316ea72e59e3380904b89eeabd1a4e3609525 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lynx-astrobiology-exobiology-plutology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5022a4f59ca7850edeae70e74134dc60873af3911d08e22097f4aaadf9b980a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mui-reveal-md-registry-yaml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76ad89d8331122a15bc7cf5f8f5bff6b20a31ed3a2ccc02e5573a1f7b14248ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in air-query-sun-void-debug (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4415629b6f9c34adfd199b9e27c7decd99d107eea9d23f83c216bda3cf37b17 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186465 Malicious code in daemon-function-throw-file-dog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5a73e261a4f17a185bcca6a3ab3abc503be436cc2631043966eea2b64c29a97 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188072 Malicious code in miranda-gacrux-stratigraphy-node-sass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06412ef9850be1e7a1ccd8f1007f1b16b41bc66dcde0d734ed417f747e5780c9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187656 Malicious code in kappa-encrypt-public-rho-boolean (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 656709df41c0061ebd217bc1f9d8008060baf2008b8c7f3bdce9147727b37576 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188225 Malicious code in neptune-node-sass-altair-membrane (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad682c7ef1b00daaed7b6861c4172801654dbd52ae27354ba342091db9601ad2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188477 Malicious code in orogeny-fermion-mui-jovian (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1bb0406ac1f1bb4b98f3bc29d46c584b70dbc4b846a397cfe88fa1283c87da7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188978 Malicious code in puppeteer-exobiology-semantic-release-less (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 492b2388e50d217d03a5e5f9711d814fffbd1724cb17c2b745d1d05ed86fbe9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187944 Malicious code in materialize-magnetar-paleontology-cosmochemistry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecf9462c6606c2905716e1a2464a867641a12542ae45f8c63e22e1cdfbe250ff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187733 Malicious code in leda-hercules-restart-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51a19c1b6d4de1af3ae3df060eb4f4301b9159c50ff7eba583262e1dcef8bbde This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188903 Malicious code in protractor-wezen-repository-quantum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed5572cbba6910aff31d33872e7ebb22412069d2c898fa10089c3aa097cce407 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186210 Malicious code in colors-superflare-rigel-quark (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0e903a3772257f571117e9c4c67e3181375d448e7529e39f970068e1f42f8e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185937 Malicious code in bulma-titan-axios-ariel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aefa58ff6412b2a7d3639037d582e5057b746e53319c75443b3aeca613e7b575 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188297 Malicious code in nightwatch-supercluster-zooarchaeology-redgiant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23dbe896a92e864c6d40edf151690e7a04699b5c221f7fbb1c21f727880dd0fe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...