13598 matches found
EUVD-2025-201141
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
Malicious code in jwt-polaris-accretion-transform (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e37b2693cb2d609541e5af2ae1c48dde95387af1a4eebbc1098447fc26eb9ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in index-short-java-phi-virtualize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40e263ba680a09fbfa7fa23f8bee80092a3b81959c15f1cd633d5a32f174fd41 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in quantum-darkmatter-native-schema (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df4b7d2e949c0c56d06fd440de24261c533ae34fa972d0a9fb8cd3cce716c207 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in load-protected-file-index-analyze (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a5faade79c2776328e1710a3582b6ad746e9fdb934959e0c3bdca1c6f84b929 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sudo-yaml-virtualize-encode-pi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 472230c24a499cc530e4f6f10d962aeb1fe1c8006af18fb249913614d62012a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in pipe-cloud-try-assert-grid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd568cad8ce32be5229100a77795fc873913ab9e69eb170a41cfc941c01ef28c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in refactor-psi-xml-cold-sed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49df62b681f38d14d73246fbf7abeff09d01a5362d99320220c285c35bd561e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in metalsmith-ganymede-gravitationalwave-biogeochemistry (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd371531b6504d7302f781d1d49aa918cc42e03fda931b017ec70b39844a114a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jupiter-fork-axios-magellan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d618233585daa02221533466a8b12423cd094f4adae74b7a5095bb9e211871f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in semantic-release-webdriver-mocha-holography-init (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b794ecaca7722f541231d8309e4e5bed08b390b392a6810c0def39ca7ce18f93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in enceladus-got-ultra-centauri (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32239f7dbc5399708cd1356919a8314d11782fff280d08afb68b2a936bd12671 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cryonics-publish-dactyl-pyxis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8e8225eeaac0b8916a2b89b7dcf39e7988138e6e430c4f6a4730306f251bdfa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cold-hot-beta-log-daemon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9a7f8a4e041fa30770c77c28ed0ed77e8a0b512d546aac9d12dff4a25c02072 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in parcel-panspermia-commitlint-config-angular-tectonophysics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad7ce5ec778c0d8a09caa214fc9ed62c9222306281fcc29ee88e7c4f779e7806 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in standard-frontend-glaciology-selenology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ff8d2d9116da16fbde5a2392699bd79ccf9484cb2148905a7dab7fcd8c8fae5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187511 Malicious code in interferometry-paleoanthropology-innercore-seismology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5111570fb96c1ba759d258ad82f85016f3ea249aa5656e2e525ebc6cfa974bbd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189909 Malicious code in thermochronology-gravity-commitlint-element-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75579a959d026eb2c03145dce2aba38b593b3073d09b2b1efbd3643c2b07e8e2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185864 Malicious code in blueshift-lynx-dotenv-safe-morgan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9dab58c5139fe550ec62331ad682959b01530abab6c25ee42eabc08fb386d1f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189122 Malicious code in refactor-signal-float-code-char (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63bd76bf641eda520b1b2a0dbe0a1b53f6b4fc54d58d3d0fd0530f99af1f492b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...