372 matches found
Inefficient Algorithmic Complexity
Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the addRepeatIntervalToTime function. An attacker can exhaust server resources and render the application unresponsive by creating tasks with extremely small repeat intervals and due dates far ...
Vikunja has Algorithmic Complexity DoS in Repeating Task Handler
Summary The addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far in the past, an attacker triggers billions of loop iterations, consuming...
PT-2026-31950
Summary The addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far in the past, an attacker triggers billions of loop iterations, consuming...
EUVD-2026-0158
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
Malicious code in delta-encrypt-decrypt-process-hot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47be4747508a9978698f14c3a6e3c22e2b2fd3bfe34ece2ef5c5445dfc296dbe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in async-public-eslint-plugin-loop (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8260827b01d06f49fa980d26d357da964681809e032e0c1e4ea86afb5a6ad66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186473 Malicious code in dagda-polaris-entanglement-meteor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5325a6a4cc8abbb32dc79710052d24b808fd1692e4b2370bfa9cf74f61373dc7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sublimation-sadr-magellan-sqlite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 430f76d8e92d8268cdbaddbb529572984b353efa027adb0b91de89e552597f57 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in zephyr-auriga-node-config-wolf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 501e4d8965e877980be3f3890f728502f5d0980ab23ca42e8fb0f60097b5f6cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189439 Malicious code in semantic-release-boson-lepton-kastra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdb5355d7a6caf4ed4524b31f706aedd024df4b09ee0659e35613815b8d89df7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in transport-babel-dagda-electron (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76e1c06bb58ec7b568f529051bd863c23ffa6e9ca7544112284c9f889effd370 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in technocracy-buffer-outercore-tethys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae5d1bd386bf4f9a8111c62e518b2e370823fd957948a4bc87ccd3099fcf4180 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ichnology-ursa-petrology-cluster (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a6f4fcb17fd416bbfa643799f40a797e324953f86944507dce411cb5d4eaf44 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186857 Malicious code in eta-sed-assert-spy-hash (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aba02fba2294b944dedb22735bc1a124430a994c135af1e2b1361494f868a743 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189010 Malicious code in quantumfoam-dysonswarm-io-aquarius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93d4c40ddfac96db4d16617d8dbd26b31056e7c745f29098ffc857d010c1e67a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mitokik-oni-oladiaps (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88bb78545dc9bdeacf5fcc1720cd2b74f230c9beb4ab9fac6d9833ac643f6e97 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in modaiv-kvu-ibuagoufavydauacab (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb3e18a40ae923fbe3c49040521b72160640a3310c665ecd6f6a636f04611817 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-183270 Malicious code in kisut-diufg-dv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68957d382b039a663bd700fc2d83feddb06b78a310f52246135676127a6c69ae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sonic-oig-tmoerocneauaca (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e750d62585919a24f07184257b851f20b1a9ad55a634e42a7cadae3c1bd19f40 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in modiov-kin-afba (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3361856150772b5516990bc450e14a2cbeba1500bd01e90bb6d14c57a75c4d11 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...