Lucene search
K

31 matches found

OSV
OSV
added 2025/11/13 3:23 a.m.5 views

MAL-2025-188161 Malicious code in mysql-heka-version-saturnology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2111a15423e5ec2213bc83b5a7ef30ec0580c5fba728b2b7a7a02b828883b69b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 4:47 p.m.2 views

MAL-2025-166259 Malicious code in sunden-diak-nubitr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e76d0adc1ed5a1ec0fbae95edef4734ba7212d9d20940579d92bad92ac2cb831 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:47 p.m.3 views

Malicious code in mansila-tfla-magaoli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa1774ea4a84533266f3c902db63d68dc936b9e3c3ae653e63761f1a915d38b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 4:47 p.m.1 views

MAL-2025-169787 Malicious code in uinsnu-lumi-knal1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9417cce5cb2c9c581d3a15a6390918591472c99f695a8f3659f58d0eace1e1bc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:47 p.m.4 views

Malicious code in fitra-poke30 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25addd62faa859d289842a62b456cd13cca198fd3a481e101cf948d23aa9332f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:29 a.m.5 views

Malicious code in optimize-css-assets-webpack-plugin-regulus-vulcan-fornax (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c07d2b8b61c7ab9e326b8192138231dad82b035a739b9196b7f208ca7b97637f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 8:46 p.m.1 views

MAL-2025-126271 Malicious code in erwin-rangi16-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddcbdb12c5d9e69e0d5b1a9521f031d49d4b4c28872b8fc988ec8f92299350a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/11 8:46 p.m.2 views

MAL-2025-126987 Malicious code in hadi-jus8-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89a2720c62b9d2f31ae9bc3f16bc38fa8c1c2506a33cb218344a79680d494511 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 8:11 p.m.3 views

Malicious code in kresna-rangi44-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b217ca064ec7630fc9afb6ca2c24147f0ac47a14c3f777f906a7948f3273c1a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 8:11 p.m.2 views

MAL-2025-122737 Malicious code in qori-brengkes55-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b4835a0fa1fad1bf020d6a3e6dceb4410eaeca12d1f4f35938c9f100793326c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/11 8:11 p.m.2 views

MAL-2025-121043 Malicious code in joko-dradag38-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ba5168ba82126c950e1ff1f31acd4d212879f543aaf3a22de56e803f5e8a248 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 3:48 a.m.5 views

Malicious code in siska-lodeh53-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 521dbce7f4b79f38330e298a8683588fe1db62c4bc9504379ae1b33a30bd3e9c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 2:29 a.m.1 views

MAL-2025-75082 Malicious code in qori-kacang33-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45f53a3510e6aabb6f8cd28ac33abf9f86581b2e81620bacc90f4d34fdc6bf1f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.14 views

DepositPool is susceptible to the inflation attack

Lines of code Vulnerability details Summary The DepositPool contract is susceptible to the Inflation Attack, in which the first depositor can be front-runned by an attacker to steal their deposit. Impact The DepositPool pool contract acts mainly as a vault: accounts deposit LST assets and get bac...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/10/30 12:0 a.m.7 views

Shares Manipulation DoS Vulnerability in StakedUSDe

Lines of code Vulnerability details Impact The StakedUSDe contract is vulnerable to manipulation by a malicious actor, leading to a permanent interruption of operations through a Denial-of-Service DoS attack. This vulnerability also impacts StakedUSDeV2 due to its inheritance of the StakedUSDe...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/10/30 12:0 a.m.13 views

StakedUSDe.totalSupply() may decrease below MIN_SHARES by StakedUSDe.redistributeLockedAmount.

Lines of code Vulnerability details Impact StakedUSDe runs checkMinShares in deposit and withdraw to keep the totalSupply more than MINSHARES, 1e18. It is to prevent an ERC4626 inflation attack. However, StakedUSDe.redistributeLockedAmountuser, address0 burns all the user's shares and decreases t...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/10/25 12:0 a.m.6 views

Price inflation by locking CVX on behalf of VotiumStrategy

Lines of code Vulnerability details Impact The price of vAfEth can be inflated with severe rounding errors as a result. Proof of Concept In VotiumStrategy the price of vAfEth is calculated by function cvxInSystem public view returns uint256 uint256 total = ILockedCvxVLCVXADDRESS.lockedBalanceOf...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/10/25 12:0 a.m.9 views

M-08 Unmitigated

Lines of code Vulnerability details Lines of code Vulnerability details Mitigation of M-08: Issue mitigated with ERROR Mitigated issue M-08: Inflation attack in VotiumStrategy The issue was that the price of afEth and of vAfEth could be inflated by donating underlying assets. Mitigation review Al...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.13 views

Inflation attack in VotiumStrategy

Lines of code Vulnerability details Summary The VotiumStrategy contract is susceptible to the Inflation Attack, in which the first depositor can be front-runned by an attacker to steal their deposit. Impact Both AfEth and VotiumStrategy acts as vaults: accounts deposit some tokens and get back...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/06 12:0 a.m.9 views

Upgraded Q -> 3 from #16 [1691315821722]

Judge has assessed an item in Issue 16 as 3 risk. The relevant finding follows: L-04: MorphoTokenisedDeposit override decimalsOffset ==0 increase ERC4626 inflation attack risk --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
Rows per page
Query Builder