Malicious Package

Overview tachyon-spade-reporter is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

MAL-2026-1386 Malicious code in tachyon-spade-reporter (npm)

The package exfiltrates system data to remote server --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80ad134ce018cc5d3d53f7bcb89de68046aacd2438d13bd6fb93875be5380223 The package tachyon-spade-reporter was found to contain malicious code. Source: ghsa-malware...

Malicious code in tachyon-spade-reporter (npm)

The package exfiltrates system data to remote server --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80ad134ce018cc5d3d53f7bcb89de68046aacd2438d13bd6fb93875be5380223 The package tachyon-spade-reporter was found to contain malicious code. Source: ghsa-malware...

GHSA-C32P-WCQJ-J677 CometBFT has inconsistencies between how commit signatures are verified and how block time is derived

CSA-2026-001: Tachyon Description Name: CSA-2026-001: Tachyon Criticality: Critical Catastrophic Impact; Possible Likelihood per ACMv1.2 Affected versions: All versions of CometBFT Affected users: Validators and protocols relying on block timestamps Description A consensus-level vulnerability was...

CometBFT has inconsistencies between how commit signatures are verified and how block time is derived

CSA-2026-001: Tachyon Description Name: CSA-2026-001: Tachyon Criticality: Critical Catastrophic Impact; Possible Likelihood per ACMv1.2 Affected versions: All versions of CometBFT Affected users: Validators and protocols relying on block timestamps Description A consensus-level vulnerability was...

CVE-2025-36927

In GetTachyonCommand of tachyonservercommon.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36936

In GetTachyonCommand of tachyonservercommon.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-64987

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-CheckSimpleIoC instruction. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables...

CVE-2025-64990

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation...

CVE-2025-64986

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior V21. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands...

EUVD-2025-202848

In GetTachyonCommand of tachyonservercommon.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36936

In GetTachyonCommand of tachyonservercommon.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36927

In GetTachyonCommand of tachyonservercommon.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36936

In GetTachyonCommand of tachyonservercommon.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36936

The CVE-2025-36936 entry concerns Tachyon Server, specifically the GetTachyonCommand function in tachyon_server_common.h. The issue is a potential out-of-bounds write caused by an integer overflow, enabling local elevation of privilege with no additional execution privileges required and no user ...

CVE-2025-36936

In GetTachyonCommand of tachyonservercommon.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36927

In GetTachyonCommand of tachyonservercommon.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36927

In GetTachyonCommand of tachyonservercommon.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36927

CVE-2025-36927 concerns a potential out-of-bounds write in GetTachyonCommand within tachyon_server_common.h. The issue arises from a missing bounds check, enabling local escalation of privilege without additional execution privileges or user interaction, as described across multiple connected rec...

CVE-2025-64990

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation...