27 matches found
Malicious code in ai3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83540d952123c5d1199bbec1a72d0c4c49c428f309b9d68df45e307b852000a7 package.json declares "preinstall": "./.github/scripts/precheck", which points at a 976,568-byte precompiled Linux ELF x86-64 binary shipped inside t...
GHSA-RWR8-XRPW-9QF5 solspace/craft-freeform Exposed to Known Axios Vulnerabilities via Precompiled Assets
Summary The latest versions of both 4.x and 5.x are using Axios versions 1.7.5 and as such are subject to known vulnerabilities as per: https://security.snyk.io/package/npm/axios Details We've had this flagged up in a pen test, which indicates the issue stems from this script: /freeform/plugin.js...
solspace/craft-freeform Exposed to Known Axios Vulnerabilities via Precompiled Assets
Summary The latest versions of both 4.x and 5.x are using Axios versions 1.7.5 and as such are subject to known vulnerabilities as per: https://security.snyk.io/package/npm/axios Details We've had this flagged up in a pen test, which indicates the issue stems from this script: /freeform/plugin.js...
PT-2026-4737
Summary The latest versions of both 4.x and 5.x are using Axios versions 1.7.5 and as such are subject to known vulnerabilities as per: https://security.snyk.io/package/npm/axios Details We've had this flagged up in a pen test, which indicates the issue stems from this script: /freeform/plugin.js...
CVE-2025-54429 Polkadot Frontier's constructing smart contract can bypass precompile address bounding
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for...
Polkadot Frontier Code Issue Vulnerability
Polkadot Frontier is a Polkadot EVM open source application that provides a compatibility layer for Ether VMs. A code issue vulnerability exists in versions of Polkadot Frontier prior to 0822030, which stems from a CallableByContract implementation error that could lead to improperly precompiled...
Hyperledger Besu Security Vulnerability
Hyperledger Besu is a Hyperledger open source application. It is used to run, maintain, debug and monitor nodes in the Ethernet network. A security vulnerability exists in Hyperledger Besu versions 24.7.1 through 25.2.2, which stems from a precompiled implementation issue that could lead to a...
VApps: Verifiable Applications at Internet Scale
Blockchain technology promises a decentralized, trustless, and interoperable infrastructure. However, widespread adoption remains hindered by issues such as limited scalability, high transaction costs, and the complexity of maintaining coherent verification logic across different blockchain layer...
Malicious code in precompiled-iris300 (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2fc49c5f492a6603e16701144ee66fabcdea41176b445eb496c8e9d11caccd4 Any computer that has this package installed or running should be considered...
MAL-2025-1228 Malicious code in precompiled-iris300 (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2fc49c5f492a6603e16701144ee66fabcdea41176b445eb496c8e9d11caccd4 Any computer that has this package installed or running should be considered...
Exploit for Out-of-bounds Write in Microsoft
Compiled PoC Binary For CVE-2023-28252 The repo contains a...
Caracal - Static Analyzer For Starknet Smart Contracts
Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts. Features Detectors to detect vulnerable Cairo code Printers to report information Taint analysis Data flow analysis framework Easy to run in Scarb projects Installation Precompiled binaries Precompiled...
Code injection
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issues when compiled...
TeamFiltration - Cross-Platform Framework For Enumerating, Spraying, Exfiltrating, And Backdooring O365 AAD Accounts
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts. See the TeamFiltration wiki page for an introduction into how TeamFiltration works and the Quick Start Guide for how to get up and running! This tool has been used internally...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
CVE-2021-4034 Precompiled builds for CVE-2021-4034. Of course...
Frontier Numeric Error Vulnerability
Frontier is an ethereum-compatible layer of Substrate. A numeric error vulnerability exists in Frontier, which stems from a bug in Frontier's pre-compiled implementation of MODEXP that could lead to integer underflow in some cases. This would cause the node of the debug build to crash. No detaile...
PT-2020-16369 · Ethereum · Geth
Name of the Vulnerable Software and Affected Versions: Geth versions prior to 1.9.17 Description: This is a Consensus vulnerability in Geth that can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy contract did a shallow copy on...
Evilginx v2.0 - Standalone Man-In-The-Middle Attack Framework Used For Phishing Login Credentials Along With Session Cookies, Allowing For The Bypass Of 2-Factor Authentication
evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide...
Failed to load module [veeamsnap] | Failed to load module [blksnap]
Challenge A Veeam Agent for Linux backup job fails with either of the following errors: Failed to load module veeamsnap with parameters zerosnapdata=1 debuglogging=0 The number of parameters listed in the error may vary depending on Veeam Agent for Linux version. Failed to load module blksnap Cau...
PHP PDO out-of-bounds access
Out-of-bounds access via precompiled database request...