13598 matches found
EUVD-2025-201141
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
Malicious code in coronalmassejection-asthenosphere-astrobiology-cassini (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9cb81f3d331d2861ecc6df39b2c8a84b53696cd5c489d6e3157782d4426db0c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kastra-perseus-comet-deimos (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba13e6972332291be48505d01dfa79462dbb30b76789d9acd10da211473f2447 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ganymede-volcanology-meteor-andromeda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 439f5aeded04421261b5e44959256e95a019859e49ea507d43c2521ec92cdfb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gatsby-enif-tachyon-prosthetics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd3e1fe40b9f4663cd8b878d886d2d8206a84740ad4a30ca7055e0b73b99ffd0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in radiant-cross-env-neutrino-local (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aadfcd3521c85f083a4e6d18c4f8c6278368aff470db93bea8a5a10d451720be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vuepress-auth0-meteor-duplex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e3abd4857b3587cf1ea5f38d4882fcf6ee464d5b448188b97a37f8487635164 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eclipse-triton-avior-yonder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e452f33f4d946135197dd190e23dc7ccad92501decc88c03373713cb28a1fcb2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jupiter-fork-axios-magellan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d618233585daa02221533466a8b12423cd094f4adae74b7a5095bb9e211871f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mysql-quasar-nodejs-node-sass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ebd850e11f96234af50b605f1a2c8caa8de160561576373c59874ee07222b79 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in analyze-char-fork-theta-kernel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f903f79e67bcfa45a3643c772a60e0e3f7b066020bdb4dbc19eb67e84ea43304 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sed-sigma-mock-finally-virtualize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f0a41fd08cfcc94af80445f4cbcacf1f1a3025d1f4d341f2ade3f5e5609b5c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in achernar-elara-flare-lyra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71604e145a0b1443f49a3500745d187e525fc1f9757d251712ef14e8943f17f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cache-cat-index-async-small (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7e9349b68caace5888139d6b847199008fcdcf3f6ecac1191d7bf29cd1b8790 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cold-hot-beta-log-daemon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9a7f8a4e041fa30770c77c28ed0ed77e8a0b512d546aac9d12dff4a25c02072 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in schema-dependencies-paleoanthropology-xenos (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a5aa35035cef2c1cc6c6bdb74528d86c9297519b890f65258d575cbc34a28f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in triton-radiant-epimetheus-await (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f37690579c85320317072d9cdc94e1053ebab4d6fe9f33c85656cc0bb9598f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kappa-pi-nu-beta-lambda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a6c3f70765ab517b21664813a98844d67f2c4e9b170198fb4e5114b66fb9283 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in char-cat-execute-eta-authenticate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9713342fe9737ab1d549067b7de055aba480da58db6bdea8625417cc3c3c0a33 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in got-install-blackhole-pipe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3a3e26fb5f46474d8fda65b2e4d835c3e4054442e31f815bf5caae9234f62cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...