37568 matches found
CVE-2026-53653
Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...
EUVD-2026-42943
Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...
CVE-2026-53653
Grav (file-based web platform) contains CVE-2026-53653: unauthenticated denial of service by requesting image derivatives with oversized dimensions via URL actions like forceResize in Grav::fallbackUrl. The root cause is that request parameters are passed to ImageMedium magic actions without a di...
CVE-2026-53653 Grav: Unauthenticated denial of service via unbounded image derivative dimensions
Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...
Decoding Q1 2026’s $152.9 Billion Crypto Custody Concentration
Crypto Custody Concentration hits $152.9B as institutions shift to derivatives, consolidating capital on top exchanges amid Q1 market slowdown...
CVE-2026-24471
continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room rejecting an invite, joining a room or knocking on a room, the...
Malicious code in beta-try-omicron-orchestrate-analyze (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b40241994a51d236f94131d470823d6b7102b40d2be0b6ee91870c93a7ef67ad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in got-lynx-greatfilter-betelgeuse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfb1e5ae3602ba1d907e123d07c8bb75e62724ff1d8078775eb901682291c03f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in execute-java-short-cluster-bundle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0078f37af1918262289019391ff05bf9d93d02c69489efe7d3c4cd18bc998f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in soap-wasat-frontend-astroinformatics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 035f9ef7998b394d382afc13f9209220a634c21114f0432767956685d56e9cf2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in aether-start-lepton-mdx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e36aedbc551c0fdb6d6a164bc853c5330db99a2f5ebdc2bd7c415435ac4acf66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in zeta-cold-notify-fire-easy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77229f2590e999b50f84151be215aed98544f5d472493de435539a1fb1794260 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cluster-steganography-slides-entanglement (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796ab19af8288ef87fc08c84b75032e9a955512cf76daaf4f031d635f7ec9e99 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cordelia-zenith-ganymede-mutation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c52cc7a0b5ee7ab3c856d1daa1a376b8b8524151fc4f7a6b66551f0059afb40c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in planetology-deneb-betelgeuse-ini (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d9e76fd68dea4a218da7554c4a828cd8f512e9399f2f98a6ba89184f1e1ac45 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in server-filament-framework-css-minimizer-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 358fa0dd87122948b061c1340cb9ff978517012369a5031ba9ed47b043345bc8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vuepress-centauri-transhumanism-astrobiology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bdb05993db85d17c64f179ee15f5d3d4425016c0f6dd71699c1b011dd854db6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mensa-spectron-webdriver-prettier-stylelint-zenobia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c01f67010d3ce6356b532d86ad6e498d18ab64a061856b395c3e02a92872fe6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in analyze-abstract-hash-code-iota (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94747fbea6244359c0e5f32c8af9461dfd765fc51d10bca1d94dd3e3f0cef6b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in child-process-stratigraphy-subduction-node-sass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e7c49dd3945225b658c5a51f33c18f72ccbb43fd246685797fce72947468f0a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...