Lucene search

20 matches found

RedhatCVE
added 2026/05/18 7:58 p.m., 8 views

CVE-2026-46407

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to load another administrator's REST API token list by supplying that user's adminid. This can...

8.1 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits: 0, References: 1

EUVD
added 2025/11/24 11:49 p.m., 1 views

EUVD-2025-199274

Malicious code in quickswap-default-token-list npm...

6.6 AI score
Exploits: 0, References: 4

vulnersOsv
added 2025/11/24 11:49 p.m., 2 views

@getsafle/1inch-controller (>=1.1.1 <=1.2.2), @getsafle/pancakeswap-controller (>=1.0.0 <=1.0.1) +4 more potentially affected by unknown CVE via quickswap-default-token-list (=1.5.15)

quickswap-default-token-list NPM version =1.5.15 is affected by a known vulnerability. The following packages have a transitive dependency on quickswap-default-token-list and may be impacted: - @getsafle/1inch-controller =1.1.1, =1.0.0, =1.0.0, =1.0.1, =1.0.1, =1.1.1, =1.1.4 Source cves: unknown...

5.8 AI score
Exploits: 0

EUVD
added 2025/11/24 11:2 p.m., 1 views

EUVD-2025-199131

Malicious code in kinetix-default-token-list npm...

6.6 AI score
Exploits: 0, References: 4

OSSF Malicious Packages
added 2025/11/24 11:2 p.m., 3 views

Malicious code in kinetix-default-token-list (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 834c5a1d0acc5be073a1939708bfdfdb3d38a411407c9ac4e2abebdfd44ee059 The package kinetix-default-token-list was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits: 0, References: 4

OSV
added 2025/11/24 11:2 p.m., 2 views

MAL-2025-191117 Malicious code in kinetix-default-token-list (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 834c5a1d0acc5be073a1939708bfdfdb3d38a411407c9ac4e2abebdfd44ee059 The package kinetix-default-token-list was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits: 0, References: 4

Snyk
added 2025/11/24 8:33 p.m., 2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 3

CVE
added 2025/11/14 2:11 p.m., 11 views

CVE-2024-21635

Memos suffers from an issue where Access Tokens remain valid after a user password change, allowing a potential bad actor to continue accessing a compromised account. This affects versions up to and including 0.18.1, as tokens tied to the old password are not revoked automatically. The vulnerabil...

7.5 CVSS, 6.2 AI score, 0.00049 EPSS
Exploits: 1, References: 1, Affected Software: 1

Tenable Nessus
added 2025/09/10 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2021-36398

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. CVE-2021-36398 Note that Nessus relie...

5.4 CVSS, 5.5 AI score, 0.00823 EPSS
Exploits: 0, References: 2

Snyk
added 2025/07/28 2:27 a.m., 2 views

Malicious Package

Overview swap-token-list-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 2

OSSF Malicious Packages
added 2025/07/23 6:32 p.m., 2 views

Malicious code in swap-token-list-poc (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff37669cef0c949bb0dd7b4eebab3d14891256532b09e265c1a486fb2ca0996c Any computer that has this package installed or running should be considered...

6.8 AI score
Exploits: 0, References: 1

OSV
added 2025/07/23 6:32 p.m., 1 views

MAL-2025-6314 Malicious code in swap-token-list-poc (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff37669cef0c949bb0dd7b4eebab3d14891256532b09e265c1a486fb2ca0996c Any computer that has this package installed or running should be considered...

7 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/05/31 7:57 p.m., 2 views

Malicious code in swap-token-list (npm)

The package communicates with a domain associated with malicious activity...

7 AI score
Exploits: 0

OSV
added 2025/05/31 7:57 p.m., 0 views

MAL-2025-4766 Malicious code in swap-token-list (npm)

The package communicates with a domain associated with malicious activity...

7.1 AI score
Exploits: 0

OSV
added 2025/03/04 8:51 a.m., 2 views

MAL-2025-2099 Malicious code in celo-token-list (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0cd8cea412b5be8bcb5dbb9a84d39a233b5baf47fcc123dfdafc3905b7efa7ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 3

OSSF Malicious Packages
added 2025/03/04 8:51 a.m., 2 views

Malicious code in celo-token-list (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0cd8cea412b5be8bcb5dbb9a84d39a233b5baf47fcc123dfdafc3905b7efa7ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 3

Code423n4
added 2023/12/08 12:0 a.m., 8 views

Invalid WETH inclusion for Curve's Tricrypto pools.

Lines of code Vulnerability details Impact For some of Curve's Tricrypto pools, CurveTricryptoAdapter will not be working. Proof of Concept address wethAddress = ICurveTricryptoprimitive.coins2; zToken = calculateOceanIdaddress0x4574686572, 0; // hexadecimalascii"Ether" indexOfzToken = 2;...

7 AI score
Exploits: 0

Code423n4
added 2023/08/04 12:0 a.m., 5 views

ConvexTriCryptoStrategy might not compound all rewards

Lines of code Vulnerability details Impact When compounding in ConvexTriCryptoStrategy, the number of tokens that is swapped into wETH does not account for extraRewards and tokenRewards. This can cause a loss of yield and rewards to be lost. Proof of Concept In ConvexTriCryptoStrategy.executeClai...

6.7 AI score
Exploits: 0

UbuntuCve
added 2023/03/06 10:15 p.m., 17 views

CVE-2021-36398

In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk...

5.4 CVSS, 6.1 AI score, 0.00823 EPSS
Exploits: 0, References: 2

CNNVD
added 2021/07/19 12:0 a.m., 1 views

Moodle Cross-Site Scripting Vulnerability

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A cross-site scripting vulnerability exists in Moodle that stems from not adequately handling user-supplied data passed to the web...

5.4 CVSS, 5.4 AI score, 0.00823 EPSS
Exploits: 0, References: 4