37569 matches found
CVE-2026-53653
Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...
CVE-2026-53653
Grav (file-based web platform) contains CVE-2026-53653: unauthenticated denial of service by requesting image derivatives with oversized dimensions via URL actions like forceResize in Grav::fallbackUrl. The root cause is that request parameters are passed to ImageMedium magic actions without a di...
EUVD-2026-42943
Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...
CVE-2026-53653 Grav: Unauthenticated denial of service via unbounded image derivative dimensions
Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...
CVE-2026-53653 Grav: Unauthenticated denial of service via unbounded image derivative dimensions
Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...
Decoding Q1 2026’s $152.9 Billion Crypto Custody Concentration
Crypto Custody Concentration hits $152.9B as institutions shift to derivatives, consolidating capital on top exchanges amid Q1 market slowdown...
CVE-2026-24471
continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room rejecting an invite, joining a room or knocking on a room, the...
Malicious code in version-meteor-jupiter-chariklo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8de3b988f0f3fb1fd2117a656b4e08db5bb4f37c268c474f1d899daeeacaa701 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in alphard-webdriverio-titan-elektra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e6fa009818dee865117cbf148422b8ae696230e95a2f87744c06ab81d74136b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in subscription-playwright-public-carina (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 701a8a346bf74a50513bb9a55b5b268f778f18a886f3f088e3fa641fb990991a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in void-grus-superagent-planckscale (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20a8a9fd08defaff05f5feabf694f5b971ed1904512ea95cf7ae5be645b34d64 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in integer-pipe-beta-orchestrate-simulate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e55447a68009d0b9b6fa757453f8b249946f97b92a5891a39a495e91cec4d3a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in radioastronomy-mongoose-inquirer-hyperion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98b90a3ad43fd3d17f857f0d6f4fe80c069a4b11b70c9356b9193d840d067320 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in plutology-meteor-xerxes-readable (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbb5bc61e9eac228156b339e33b38872ab4c63538b4ef99c2269a8dd85462dd6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in quick-serialize-small-bash-delta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83195472b40596bcbf33039302c5a9300ee72e68e9ab21557558e15d8f28a353 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lint-staged-superagent-eridanus-bionics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 066dc6b85c08093514728ad74577e54a20edffbcf7d838638c2e8ccbdc1dfd28 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cybernetics-concurrently-testcafe-foundation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b8f5792ee6c85cf91f477bdf5b37dca196fccc1875897cb6bdc09b40cb3c6d8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in petrology-supercluster-relay-jasmine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64e7980d40954d8062670b9c1263d6823ca34e45eaee3e5ee43066b8d272c341 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in aether-start-lepton-mdx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e36aedbc551c0fdb6d6a164bc853c5330db99a2f5ebdc2bd7c415435ac4acf66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in secure-old-deploy-resolve-encode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd40e8463e8ef60e60e2f721f62d52e42e5b10ad7481073017d47ad4d0616fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...