13598 matches found
EUVD-2025-201141
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
Malicious code in refactor-psi-xml-cold-sed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49df62b681f38d14d73246fbf7abeff09d01a5362d99320220c285c35bd561e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kastra-perseus-comet-deimos (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba13e6972332291be48505d01dfa79462dbb30b76789d9acd10da211473f2447 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in char-cat-execute-eta-authenticate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9713342fe9737ab1d549067b7de055aba480da58db6bdea8625417cc3c3c0a33 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in interstellarmedium-pino-bulma-darkenergy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab392f921f051d5be29925ee8bffff06c637f5fadef8a9ab6399776bf67709ea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cz-conventional-changelog-heliophysics-carpo-mocha (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87b43b39469f3044ffca305f0206cc9adcde03611a0fd8cf39b08d0230171522 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in envconfig-fornax-void-duplex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1239ea3b31415a82c90cd5302c82bcada5a25101219fb703c24e45ba2738c305 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in stratigraphy-archaeogenetics-pino-figures (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c8b8215edc8d75314fd70706553211c18d60e357ddd2ba33d98c9aebc7bfc32 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in barnard-octans-development-async (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b647de4d84c8d74ffa98204aa954f76d7683d1129a058a4e5dfe7bdd5cf622ad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mui-reveal-md-registry-yaml (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76ad89d8331122a15bc7cf5f8f5bff6b20a31ed3a2ccc02e5573a1f7b14248ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lynx-astrobiology-exobiology-plutology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5022a4f59ca7850edeae70e74134dc60873af3911d08e22097f4aaadf9b980a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in run-script-koa-json-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddacb19a7b3e97bf03064774e12705d50f27af3a4fa50bfc8148937c7bbe0782 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cladistics-markdown-pdf-helmet-betelgeuse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd738c7aa03702231879b831a4173493a9c29b30350ed0f630d5bbd30def03bb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in awk-encode-good-byte-uglify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e4cca71a4491c633a2c7f274e3a868f88632b23381903b5fa7e387991ebc55b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in genomics-biohacking-xanadu-cross-env (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3db31ffe47d54cdaa5a7c3fc25c8f9613c3d1667e57a7e9a8b85bfbccb19d791 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in book-good-old-sun-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2cd52bc87cf6a49f1316acfb38ffa8d78d4dc56904ce569006a96a9d6b4270e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cordelia-indus-cors-dotenv-safe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b161dd83470ad8e5d5e7fae8eb08ea363c660e9e4d923d81d7c6716a5955553a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cryonics-publish-dactyl-pyxis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8e8225eeaac0b8916a2b89b7dcf39e7988138e6e430c4f6a4730306f251bdfa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in publish-airbnb-changelog-archaeoastronomy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ba327f3344b387071a4396d178c7fc38bbd4e9fa76c261ec5c8f657092af621 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in astro-cors-pulsar-neutrino (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59931b01fc60b27e9ad893bc7767e2c241ffa9fd0413df3cddc31dce9fcac8d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...