MAL-2025-172947 Malicious code in anidata-hd-mafdidsa (npm)
Source: amazon-inspector (8ef7118b38c8c3a55564fc1c4a30fc71b62428622f6e96bba15d7d6ed6c1b200). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
curl: [Critical] Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet
Vulnerability description not provided...
VulnCheck KEV: CVE-2023-29218
The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as...
There are multiple ways for admins/governance to rug users
Lines of code. Vulnerability details. Impact: A malicious admin can steal user funds or lock their balances forever. Even if the user is benevolent, the fact that there is a rug vector available may negatively impact the protocol's reputation. Proof of Concept: Unlike the original Convex code that goes...
Executors can steal funds meant to be sent to users
Lines of code. Vulnerability details. Impact: The executor can provide any value it wants as the tokenGasPrice when it calls sendFundsToUser since it is not included in the hash checks. The executor can set the value to be exactly the number that will take all of the funds the user is requesting...
An owner can rug pull and/or lock users' funds
Lines of code. Vulnerability details. Impact: By implementing malicious versions of the interfaces required by the contracts used in the set functions, an owner can rug pull user positions. Even if the owner is benevolent, the fact that there is a rug vector available may negatively impact the...
Schain owners can rug pull users' funds
Lines of code. Vulnerability details. Impact: Once a chain has been killed, the chain owner is able to call getFunds on each of the deposit boxes and transfer funds/tokens wherever he/she wishes. Even if the owner is benevolent, the fact that there is a rug vector available may negatively impact the...
How Digital Extortion Impacts Today’s Enterprises
By now, many enterprise decision-makers are familiar with the concept of digital extortion, particularly in the form of ransomware. These encryption-based attacks lock users out of their sensitive and valuable data, applications and operating systems. Attackers demand a ransom in the form of...
Augur: A miner can manipulate the gas reporting bond
Not entirely confident I've understood this system correctly, apologies if it's wrong and feel free to stop reading if you run into an obvious mistake... Summary: add summary of the vulnerability By creating a market with themselves as designated reporter and setting a very high gas price for the...
Can YOU spot the fake?
As we predicted in 2016, cyberpropaganda is a major growth area for cybercriminals. Per that prediction, “The rise in the Internet penetration has opened the opportunity for invested parties to use the Internet as a free-for-all tool to influence public opinion to go one way or another.” Today, w...