EUVD-2026-32055

The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in the asgetcoinshortcode function, which renders the 'width' and 'height' shortcode attribute directly into the style attribut...

PT-2026-33634

Name of the Vulnerable Software and Affected Versions UltraDAG version 0.1 Description A non-council attacker can submit a signed 'SmartOp::Vote' transaction that successfully passes signature, nonce, and balance prechecks. However, the authorization check fails only after state mutation has...

Scammers use fake “Gemini” AI chatbot to sell fake “Google Coin”

Scammers have found a new use for AI: creating custom chatbots posing as real AI assistants to pressure victims into buying worthless cryptocurrencies. We recently came across a live "Google Coin" presale site featuring a chatbot that claimed to be Google's Gemini AI assistant. The bot guided...

CVE-2018-1000203

Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f latest release as of Sept 2017 contains an intentional backdoor vulnerability in the function zerofeetransaction that can result in theft of Soar Coins by the "onlycentralAccount" Soar Labs after...

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 also referred to as React2Shell and includes CVE-2025-66478, which was merged into it is a critical pre-authentication remote code execution RCE vulnerability affecting React Server Components, Next.js, and related frameworks. With a CVSS score of 10.0, this vulnerability could all...

@ichidao/ichi-sdk (>=0.0.63 <=0.0.249), @strkfarm/sdk (>=1.0.8 <=1.0.16) +3 more potentially affected by unknown CVE via coinmarketcap-api (=3.1.1)

coinmarketcap-api NPM version =3.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on coinmarketcap-api and may be impacted: - @ichidao/ichi-sdk =0.0.63, =1.0.8, =0.0.1, =1.0.0, =1.0.1, =1.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-19094...

@ichidao/ichi-sdk (>=0.0.63 <=0.0.249), @strkfarm/sdk (>=1.0.8 <=1.0.16) +3 more potentially affected by unknown CVE via coinmarketcap-api (=3.1.1)

coinmarketcap-api NPM version =3.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on coinmarketcap-api and may be impacted: - @ichidao/ichi-sdk =0.0.63, =1.0.8, =0.0.1, =1.0.0, =1.0.1, =1.0.2 Source cves: unknown CVE Source advisory:...

PT-2025-47681

The Cryptocurrency Token, Launchpad Presale, ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'createSaleRecord' function in all versions up to, and including, 2.4....

Incentive Attacks in BTC: Short-Term Revenue Changes and Long-Term Efficiencies

Bitcoin's BTC Difficulty Adjustment Algorithm DAA has been a source of vulnerability for incentive attacks such as selfish mining, block withholding and coin hopping strategies. In this paper, first, we rigorously study the short-term revenue change per hashpower of the adversarial and honest...

Malicious code in blazar-ganymede-nebula-bunyan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 370979f72cacea88d7c2b214c49e014999cf0db275faaca2293958bfec344ded This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2018-5772

Malware in sbrugna...

EUVD-2018-5033

Malware in sbrugna...

EUVD-2018-4051

Malware in sbrugna...

EUVD-2018-5934

Malware in sbrugna...

EUVD-2018-5129

Malware in sbrugna...

EUVD-2018-5038

Malware in sbrugna...

EUVD-2018-5024

Malware in sbrugna...

EUVD-2018-5170

Malware in sbrugna...

EUVD-2018-2996

Malware in sbrugna...

EUVD-2020-29655

Malware in sbrugna...