9571 matches found
Last.fm Rotation 1.0 - Path Traversal
Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation lastfm-rotation plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the snode parameter. id: CVE-2014-5181 info: name: Last.fm Rotation 1.0 - Path Traversal author: DhiyaneshDK...
MAL-2026-10477 Malicious code in @gleamkit/socket.io (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d6a306142d74b2781d66322adf2bc1b9898bfdb8e1814d2cb511c3e49b75c13 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-10430 Malicious code in prettier-plugin-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e4c522699877c1eca1bb9c838a443e3c4bfa21950cf5c5b1d23182ae91a534e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in tipsen-poc-again (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0977477bc81c656f52fb981657983580b411dda6d2c6766ba4d6a35fe4ae970 package.json declares its sole runtime dependency safe-chain-test as an HTTPS tarball URL pointing at a trycloudflare.com quick-tunnel host...
Malicious code in sixseven9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1ed9c23f2c82d9e91d783110274aff10788de9e0e9a783964702ea26c7b1cc4 The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...
Malicious code in abuden223 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16b3eb424174fa150faf06029c6808e9bb0e7e235b73c0b9fc8a6fe33e32fa8b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden219 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1de0c667d7c3cbfd4c96728443db8ac059d53487498341bd937cf2aaf738574a The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff13 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79fcdb937c07c7ec8c87b884a8410166890165c5e9554397ed5ebcb1a5e58cf7 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff12 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beeb7a0cb302b59468d0c8e75f4eac559afebefdf4526e4ed0832ab6ffc738ad The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff24 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98d91c65c2ae847d5e741575bbc60ac69c0d2aca4973888c6ce2fc85daac3e30 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff29 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 074e027c282713fdcd142d97a0a6b07a661db091f58be50fd7fb9dfa724b968f The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in ishowfeet17 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8a7da1cae4bcc5f4805bed7bd781b9e27de67b2264f6ba7740c8730369c9405 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in ishowfeet13 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20bca534c9132e075eb12129f9986f32127805ef4e81a801de877aaf3a9bda6e The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31a4e89de7dc0db67a1f6c404dc1b6b0b418cd8207e71ad82ef8d2027acb7ea9 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff14 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee11657fe74b7eef3139cfa2b9af453d122a4ae6a93964265354668c5c3b244b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff27 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b836372198329677623bb152dc7db76b249d842c0d10a3ec94d9ce2ae467827 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in speed1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55f523969dc528b9e84ec2f5a875e316c09d97d41b25e28e66e0c3a218c453ce [email protected] is not a functional Node package. package.json declares main: sw.js, but sw.js is a browser ServiceWorker importScripts'./8cfc2/hgshm.js...
Malicious code in ishowfeet12 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b60cb6a8169d535b5e52d5fa3cb7a1a16bf4f2d15f87d894a4111da9b74fedae The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in backupsitetuff6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector daf0f0345d3aed2a0b5f8f145161679e6ebf492603ce2e99d586903f5b8044c9 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in miguelphonk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75c26ae2a9608c5a861f096563a0ef1171cb898403537612739792024abcc2ff The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...