29 matches found
CVE-2026-7215
A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launchvmdguitool of the file mcpserver.py of the component VMD Launch Handler. The manipulation of the argument structurefile/trajectoryfile results in command injection. The attack may be launch...
CVE-2026-7215
A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launchvmdguitool of the file mcpserver.py of the component VMD Launch Handler. The manipulation of the argument structurefile/trajectoryfile results in command injection. The attack may be launch...
CVE-2026-7215 egtai gmx-vmd-mcp VMD Launch mcp_server.py launch_vmd_gui_tool command injection
A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launchvmdguitool of the file mcpserver.py of the component VMD Launch Handler. The manipulation of the argument structurefile/trajectoryfile results in command injection. The attack may be launch...
MCP-GMX-VMD 注入漏洞
MCP-GMX-VMD is an integrated tool for molecular dynamics simulation and visualization developed by EgT’s individual developers. Versions of MCP-GMX-VMD 0.1.0 and earlier contained a injection vulnerability. This vulnerability stemmed from incorrect handling of parameters such as structurefile and...
Malicious code in gmx-share (npm)
The package gmx-share was found to contain malicious code...
MAL-2025-21613 Malicious code in gmx-synthetics (npm)
The package gmx-synthetics was found to contain malicious code...
MAL-2025-21611 Malicious code in gmx-share (npm)
The package gmx-share was found to contain malicious code...
Malicious code in gmx-subgraph (npm)
The package gmx-subgraph was found to contain malicious code...
Malicious code in gmx-synthetics (npm)
The package gmx-synthetics was found to contain malicious code...
MAL-2025-21612 Malicious code in gmx-subgraph (npm)
The package gmx-subgraph was found to contain malicious code...
SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails
A new exploitation technique called Simple Mail Transfer Protocol SMTP smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. "Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from...
No slippage control while minting GLP
Lines of code Vulnerability details Impact glpRewardRouter.mintAndStakeGlpaddressweth, wethAmount, 0, 0; Here, minUSDG = 0 and minGlp = 0 means no slippage checks. This can be sandwitched in certain conditions in which delta between min and max glp price is higher due to following factors: delta...
Rewards calculation does not consider GMX reward rate fluctuation
Lines of code Vulnerability details Impact The current time based px rewards calculation system is not accurate, and not fair for users. Due to GMX protocol reward rate fluctuation, px users stake and claim at different time could get less or more rewards they deserve. Some users could abuse the...
The compound() function is used with a fixed amountOutMinimum value
Lines of code Vulnerability details Impact The compound function helps to swap the gmxBaseReward ether for GMX tokens then the GMX tokens are deposited for pxGMX. In the swap function the amountOutMinimum helps to put the minimum value that is expected for the swap. The fixed amountOutMInimum...
First depositor who is a whale account can deny later depositors who are smaller accounts from using AutoPxGmx contract, such as for depositing GMX for apxGMX
Lines of code Vulnerability details Impact A whale account that owns a lot of GMX can call the following PirexGmx.depositGmx function to deposit much GMX for pxGMX. As the first depositor for the AutoPxGmx contract, this account can then call the AutoPxGmx.depositGmx function to deposit 1 wei GMX...
Unlimited minting of pxGmx in PirexGmx.sol which may break protocol
Lines of code Vulnerability details Impact Unlimited minting of pxGmx which may break protocol. Proof of Concept A user can call depositGmx on PirexGmx.sol and mint some pxGmx after staking some Gmx via gmxRewardRouterV2.stakeGmxamount and transferring GMX into the contract. // Transfer the...
Malicious Package
Overview gmx-arbitrum-referrals-staging is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
Hakbit Ransomware Attack Uses GuLoader, Malicious Microsoft Excel Attachments
A ransomware campaign, dubbed Hakbit, is targeting mid-level employees across Austria, Switzerland and Germany with malicious Excel attachments delivered via the popular email provider GMX. The spear-phishing based campaign is low volume and so far targeted the pharmaceutical, legal, financial,...
GMX Mail - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application GMX Mail published at the 'play' market has multiple vulnerabilities...
GMX MediaCenter - Certificates or keys found, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application GMX MediaCenter published at the 'play' market has multiple vulnerabilities...