18782 matches found
Malicious code in cdk-insights (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa41acb776dbedfe93c37899783a5e54b78017ac31576c798a27eae6b9e9ec89 The package contains code in dist/entry.js and dist/index.js that invokes npm publish programmatically combined with writeFileSync operations — the...
Malicious code in @kmmao/happy-coder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4478b22a21a87a37250e86ef25639330f79b779e5793f642eaf7ddaafd975d4 This package is a near-verbatim fork of the upstream happy-coder/happy-cli references to slopus/happy-cli and happy.engineering are retained througho...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
CVE-2026-1217
The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...
EUVD-2026-12800
The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...
Yoast Duplicate Post has an Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite
The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to missing capability checks in the clonebulkactionhandler and republishrequest functions. An attacker can duplicate or overwrite posts, including those they should not have access to, by sending crafted reques...
CVE-2026-1217
The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...
CVE-2026-1217 Yoast Duplicate Post <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite
The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...
WordPress plugin Yoast Duplicate Post 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-26040
The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clone bulk action handler and republish request functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...
Malicious code in java-orchestrate-awk-process-virtualize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23029396724af0865eecdd010c3f17e6739fe0ce56c8d44b3531fbdeac934801 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rest-paleomagnetism-eris-got (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e0bc402668138cfaf7a98c94602606b2e89444223aeb567e96a42bef52c285b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in docusaurus-xml-proxima-luna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4841cb7fbba4912212b6867a9ab9667021ec18b4781ff0fe00923b7377062a5c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ursa-lynx-baryon-ophiuchus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48c047aaf9be12297281030b78228cb9cc29d099a9dbacca667f8943fc6b2e3a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in local-jasmine-gammarayburst-delphinus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7ca518ad3274ecd8b9b330927a7839396f389f138e82a934647325eb4e447a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...