MAL-2025-140589 Malicious code in chai-firebase-koa-wezen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58c3684afb31f84cfdeb0ce06a2cd60169e7022b8dada7fd26542b56b9544dad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vera-lontong23-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5ea1cd0178fa4bf0594c9cddb903598c05be284360146f3b1ef3b57eb0f6616 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in udin-kue34-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c0701341591ce3c23a4a3e040466dfadcf4847b14452f93c8d9e9b95afb3e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

user's funds lock and incorrect code behavior because users withdrawal amount won't get reset for all users in each userPeriodLength in WithdrawHook contract

Lines of code Vulnerability details Impact according to the comments in code: "Every time userPeriodLength seconds passes, the amount withdrawn for all users will be reset to 0" . but in current implementation only one of the users userToAmountWithdrawnThisPeriod value gets reset and this will...

CVE-2021-34141

CVE-2021-34141 affects NumPy (numpy.core); the issue is an incomplete string comparison in versions prior to 1.22.0, potentially enabling a DoS via crafted input. Vendor notes describe the behavior as harmless, and no exploit details are provided in the sources beyond the vulnerability descriptio...