61 matches found

OSV
added 2025/11/11 10:56 p.m., 1 views

MAL-2025-135471 Malicious code in maman-rangginang90-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 208fbb6b01645030eda65f46ca6f0d5482d3f4ad9b457c68a9e9b2f153cbcb0c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0

OSV
added 2025/11/11 8:11 p.m., 2 views

MAL-2025-119235 Malicious code in clever_damselfly_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72657d7e89e62f40029b4a87f8fca517e4a7b1ec7b884a06102297f5aabef664 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0

OSV
added 2025/11/11 4:25 a.m., 2 views

MAL-2025-91122 Malicious code in tomi-botok36-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c964fbce41fb319094ed0ba81b76d578cc9367c69aa187799907aa62388edeea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0

OSV
added 2025/11/11 2:29 a.m., 1 views

MAL-2025-73610 Malicious code in iwan-wajit73-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4eb314ca9f664a84c56bdd1197e9081b0cebb68073398403422d11d33e633189 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0

OSV
added 2025/11/11 2:29 a.m., 2 views

MAL-2025-71981 Malicious code in arif-kemplang66-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9330e628f5109800dce80de68ab13eab359d964e92f3aedf7361231c598e66de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/11/11 12:17 a.m., 3 views

Malicious code in patria-dradag3-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 143cb3add24156d5cd1aab4ff8e11b9e50f2c7410e5c42d605a932fd31ac6116 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-27125

Malicious code in bioql PyPI...

8.8 CVSS, 8.6 AI score, 0.0194 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/09/10 2:27 p.m., 3 views

CVE-2025-36854

A vulnerability CVE-2024-38229 https://www.cve.org/CVERecord exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free, resulting in Remote Code Execution. Per CWE-416: Use After Free...

8.1 CVSS, 6.9 AI score, 0.00968 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/09/08 12:0 a.m., 2 views

PT-2025-36468

Name of the Vulnerable Software and Affected Versions: EOL ASP.NET versions 6.0.0 through 6.0.36 EOL ASP.NET versions 8.0.0 through 8.0.8 EOL ASP.NET versions 9.0.0-preview.1.24081.5 through 9.0.0.RC.1 Description: A race condition may occur when closing an HTTP/3 stream while application code is...

8.1 CVSS, 8.4 AI score, 0.00968 EPSS
Exploits: 0, References: 7

OSV
added 2025/07/03 8:30 p.m., 1 views

GHSA-R2FC-CCR8-96C4 Next.js has a Cache poisoning vulnerability due to omission of the Vary header

Summary: A cache poisoning issue in Next.js App Router >=15.3.0 and <15.3.3 may have allowed RSC payloads to be cached and served in place of HTML, under specific conditions involving middleware and redirects. This issue has been fixed in Next.js 15.3.3. Users on affected versions should upgrade...

3.7 CVSS, 6.9 AI score, 0.00434 EPSS
Exploits: 1, References: 8

RedhatCVE
added 2025/05/23 9:7 a.m., 2 views

CVE-2024-35229

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...

5.3 CVSS, 6.9 AI score, 0.00102 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 5:39 a.m., 2 views

CVE-2023-26471

XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode anything dangerous is disabled, but the async macro does not take into account the restricted mode. This means that any user with...

9.9 CVSS, 6.9 AI score, 0.11049 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 3:16 a.m., 2 views

CVE-2023-27311

NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue - obtaining the fix requires redeploying a fresh Connector...

5.3 CVSS, 6.6 AI score, 0.00269 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 12:41 p.m., 8 views

CVE-2024-43366

zkvyper is a Vyper compiler. Starting in version 1.3.12 and prior to version 1.5.3, since LLL IR has no Turing-incompleteness restrictions, it is compiled to a loop with a much more late exit condition. It leads to a loss of funds or other unwanted behavior if the loop body contains it. However,...

9.1 CVSS, 6.8 AI score, 0.00194 EPSS
Exploits: 1, References: 1

OSV
added 2024/08/29 5:15 p.m., 0 views

UBUNTU-CVE-2024-45056

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

5.9 CVSS, 5.8 AI score, 0.00309 EPSS
Exploits: 0, References: 4

UbuntuCve
added 2024/08/29 5:15 p.m., 8 views

CVE-2024-45056

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

5.9 CVSS, 5.9 AI score, 0.00309 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2024/08/29 4:55 p.m., 13 views

CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

5.9 CVSS, 5.8 AI score, 0.00309 EPSS
Exploits: 0, References: 2

CVE
added 2024/08/29 4:55 p.m., 49 views

CVE-2024-45056

The CVE-2024-45056 entry describes a misoptimization in zksolc (Matter Labs’ Solidity compiler for ZKsync) where LLVM optimization folds (xor (shl 1, x), -1) into (rotl ~1, x). Here ~1 is generated as unsigned 64-bit (2^64-1) and is zero-extended to 256 bits on EraVM, when it should have been sig...

5.9 CVSS, 5.8 AI score, 0.00309 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2024/08/29 4:55 p.m., 10 views

CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

5.9 CVSS, 6.8 AI score, 0.00309 EPSS
Exploits: 0, References: 4

Cvelist
added 2024/08/29 4:55 p.m., 16 views

CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

5.9 CVSS, 0.00309 EPSS
Exploits: 0, References: 2