EUVD-2025-201141

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...

Malicious code in serialize-quick-alpha-book-resolve (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c3a965104bed503baf5938acd3d4dda26b3d1e3317487000bed52dba4bc6959 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cosmogenic-astroinformatics-mesosphere-soap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51f5567535a8c7e5a16a20da17662eb0990505e3a08147a910886879f3674c79 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in winston-leda-mesosphere-umbra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c55ac0c1e1677bbe795f58c9d6316ea72e59e3380904b89eeabd1a4e3609525 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188733 Malicious code in planetology-biogeochemistry-areology-equinox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ea2cdad2ea28eee97d50e39769c35265556f86264f39d84627c958c5f00616 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187511 Malicious code in interferometry-paleoanthropology-innercore-seismology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5111570fb96c1ba759d258ad82f85016f3ea249aa5656e2e525ebc6cfa974bbd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188420 Malicious code in omicron-query-air-cold-kappa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecf2ab953418ed4cb1f746b6fb3179574ad14d8670dc1414ab46934e8199dd06 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185834 Malicious code in biosignature-spawn-slidev-envconfig (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08678df57d0faab58f3bdefe4aa354744ee16d6eda67bc9e6e1f9b7178654520 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189471 Malicious code in shell-omicron-dog-bash-simple (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9773541d5d024eb6ba320252005f48715f06580b91dc6b9da8e16df177b7266 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187674 Malicious code in kaus-atlas-aurora-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a18819dc2e7d57c5c0e06d57e37b2c5520650bfbd6ef84b3a55ba46cbc0c2ca7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186486 Malicious code in darkmatter-exosphere-exoplanetology-yakutsk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66fd91944b979138e05bf2487dcd84925f2788baa8346eb2c5452959746d963a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190055 Malicious code in uninstall-semantic-ui-await-postcss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d54cdc877af56ca1cfb7dbad3c96a744be26cd760c76bbef5ee6ca64e03bc210 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190450 Malicious code in zenobia-google-readable-paleobotany (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 858f7b4211ddae783c9dca4669d04a3d883faa28e83cbba2ae5494bcb0977e12 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186582 Malicious code in development-warp-geoarchaeology-odin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c840035c07923c4175839d47e43684ea33f6cefb2879b9b69bc767d9eb50c71 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186550 Malicious code in deneb-parallax-aldebaran-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62fdac9fb115059473ddb39de7308936fb34fee96693299f3e1aa1c9d0719d33 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187296 Malicious code in hawkingradiation-ora-celeste-toml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16583bc4d19d123f6a7f3df0faf7b443656d981c65e219ef3ab7b8d15897c9e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187992 Malicious code in mesosphere-nanotechnology-got-scorpius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c51ddaebeed905bd3e4d2efb4932a9094e6dada95ad1d5541fb3cc456209d2d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188978 Malicious code in puppeteer-exobiology-semantic-release-less (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 492b2388e50d217d03a5e5f9711d814fffbd1724cb17c2b745d1d05ed86fbe9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188647 Malicious code in petrology-module-australis-apex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aedf2a100eb1fc3c7c3a325af0c6969e95c447adbdebaba9a1c2b6f0b869ce3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188493 Malicious code in package-process-helios-markdown-pdf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aeb81f40d3ff44ee4699781197daf1ed03b36c2de1caae9749443281acd3d14b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...