12 matches found
Malicious code in thirdwb (npm)
Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. thirdwb is a typosquat of the legitimate thirdweb package. It uses a side-loader technique, pulling in log-taker as a transitive dependency; the infostealer runs automatically via that dependency's...
Malicious code in thirdwebb (npm)
Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. thirdwebb is a typosquat of the legitimate thirdweb package. It uses a side-loader technique, pulling in log-taker as a transitive dependency; the infostealer runs automatically via that dependency's...
MAL-2026-6693 Malicious code in thirdwb (npm)
Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. thirdwb is a typosquat of the legitimate thirdweb package. It uses a side-loader technique, pulling in log-taker as a transitive dependency; the infostealer runs automatically via that dependency's...
MAL-2025-36400 Malicious code in test-mlw2-taker-crash (npm)
The package test-mlw2-taker-crash was found to contain malicious code...
Malicious code in test-mlw2-taker-crash (npm)
The package test-mlw2-taker-crash was found to contain malicious code...
SourceCodester Online Quiz System Cross-Site Scripting Vulnerability
Online Quiz System is an online testing platform. A cross-site scripting vulnerability exists in SourceCodester Online Quiz System version 1.0, which stems from a cross-site scripting XSS vulnerability in the parameter quiztaker/yearsection...
Taker can provide several instances of the cheapest ERC-1155 item in a multi item bundle
Lines of code Vulnerability details Maker bid for a bundle of ERC-1155 items can be tricked into successful execution by providing several instances of the cheapest item instead of the required bundle. This way a malicious taker can receive full maker's price, providing several instances of the...
Swivel: Taker is charged fees twice in exitVaultFillingVaultInitiate
Handle itsmeSTYJ Vulnerability details Impact Taker is charged fees twice in exitVaultFillingVaultInitiate . Maker is transferring less than premiumFilled to taker and then taker is expected to pay fees i.e. taker's net balance is premiumFilled - 2fee Recommended Mitigation Steps function...
Swivel: implementation for initiateZcTokenFillingZcTokenExit is incorrect
Handle itsmeSTYJ Vulnerability details Impact In initiateZcTokenFillingZcTokenExit , this comment // transfer underlying tokens - the premium paid + fee in underlying to swivel from sender is incorrect because you are actually transferring the underlying tokens - premium paid to the maker from...
PT-2017-11790
Name of the Vulnerable Software and Affected Versions dataTaker DT80 dEX version 1.50.012 Description The issue allows remote attackers to obtain sensitive credential and configuration information. This can be achieved via a direct request for the "/services/getFile.cmd?userfile=config.xml" API...
Jungle Care Taker - BSD license, Base64 encoded String, Customized SSL vulnerabilities
HackApp vulnerability scanner discovered that application Jungle Care Taker published at the 'play' market has multiple vulnerabilities...
[SECURITY] Fedora 7 Update: kdeutils-3.5.8-2.fc7
Utilities for the K Desktop Environment. Includes: ark tar/gzip archive manager; kcalc scientific calculator; kcharselect character selector; kdepasswd change password; kdessh ssh front end; kdf view disk usage; kedit simple text editor; kfloppy floppy formatting tool; kgpg gpg gui khexedit hex...