
111 matches found

OSSF Malicious Packages (added 2026/05/12 7:42 a.m.)

Malicious code in @2oolkit/hyperliquid-cli (npm)

Source: amazon-inspector (report 1c3af30011dcf54950f270463028270d732fce20b5cd5da44342a0748922e6df). The package is advertised as a neutral CLI/MCP wrapper for Hyperliquid, but its distributed code silently routes value from the installer to an...

AI score 5.9. Exploits: 0, References: 2
Snyk (added 2026/05/08 5:43 p.m.)

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the correctlySpends process. An attacker can bypass output verification by supplying a crafted signature and public key pair, allowing unauthorized transaction validation. Remediation...

CVSS 8.7, AI score 5.8, EPSS 0.00011. Exploits: 0, References: 2
CNVD (added 2026/03/31 12:00 a.m.)

HCL Aftermarket DPC Session Fixation Vulnerability

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. It suffers from a session fixation vulnerability that an attacker can exploit to take over a user's session and conduct unauthorized transactions...

CVSS 6.5, AI score 5.9, EPSS 0.00016. Exploits: 0
RedhatCVE (added 2026/03/27 5:09 p.m.)

CVE-2025-55266

HCL Aftermarket DPC is affected by session fixation, which allows an attacker to take over the user's session and use it to carry out unauthorized transactions on behalf of the user...

CVSS 6.5, AI score 5.9, EPSS 0.00016. Exploits: 0, References: 1
EUVD (added 2026/03/26 3:30 p.m.)

EUVD-2025-209055

HCL Aftermarket DPC is affected by session fixation, which allows an attacker to take over the user's session and use it to carry out unauthorized transactions on behalf of the user...

CVSS 6.5, AI score 5.8, EPSS 0.00016. Exploits: 0, References: 2
NVD (added 2026/03/26 1:16 p.m.)

CVE-2025-55266

HCL Aftermarket DPC is affected by session fixation, which allows an attacker to take over the user's session and use it to carry out unauthorized transactions on behalf of the user...

CVSS 6.5, EPSS 0.00016. Exploits: 0, References: 1
Vulnrichment (added 2026/03/26 1:02 p.m.)

CVE-2025-55266: HCL Aftermarket DPC is affected by Session Fixation

HCL Aftermarket DPC is affected by session fixation, which allows an attacker to take over the user's session and use it to carry out unauthorized transactions on behalf of the user...

CVSS 5.9, AI score 5.8, EPSS 0.00016. Exploits: 0, References: 1
ATTACKERKB (added 2026/03/26 1:02 p.m.)

CVE-2025-55266

HCL Aftermarket DPC is affected by session fixation, which allows an attacker to take over the user's session and use it to carry out unauthorized transactions on behalf of the user...

CVSS 5.9, AI score 5.8, EPSS 0.00016. Exploits: 0, References: 2, Affected software: 1
CNNVD (added 2026/03/03 12:00 a.m.)

OpenEMR information disclosure vulnerability

OpenEMR is an open-source medical management system developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR from 5.0.2 to 8.0.0 contained a security...

CVSS 9.6, AI score 5.8, EPSS 0.00027. Exploits: 1, References: 4
Positive Technologies (added 2026/02/12 12:00 a.m.)

PT-2026-7957

Name of the Vulnerable Software and Affected Versions: CediPay versions prior to 1.2.3. Description: A flaw exists in CediPay that allows attackers to bypass input validation within the transaction API. Exploitation could lead to unauthorized transactions, exposure of sensitive financial data, and...

CVSS 8.8, AI score 5.4, EPSS 0.00127. Exploits: 0, References: 9
CNNVD (added 2025/10/14 12:00 a.m.)

SAP NetWeaver Application Server for ABAP cross-site request forgery vulnerability

SAP NetWeaver Application Server for ABAP is a core application server platform from SAP (Germany). A cross-site request forgery vulnerability exists in SAP NetWeaver Application Server for ABAP that could lead to bypassing authorization...

CVSS 5.4, AI score 6.5, EPSS 0.00021. Exploits: 0, References: 3
EUVD (added 2025/10/07 12:30 a.m.)

EUVD-2020-0088

Malware in sbrugna...

CVSS 7.5, AI score 7.4, EPSS 0.00162. Exploits: 1, References: 7
EUVD (added 2025/10/03 8:07 p.m.)

EUVD-2025-11473

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.5, EPSS 0.00456. Exploits: 0, References: 3
The Hacker News (added 2023/12/15 1:01 p.m.)

Crypto Hardware Wallet Ledger's Supply Chain Breach Results in $600,000 Theft

Crypto hardware wallet maker Ledger published a new version of its "@ledgerhq/connect-kit" npm module after unidentified threat actors pushed malicious code that led to the theft of more than $600,000 in virtual assets. The compromise was the result of a former employee falling victim to a phishi...

AI score 8. Exploits: 0
Code423n4 (added 2023/10/30 12:00 a.m.)

removeDelegatedSigner() will not undelegate address for signing.

Vulnerability details. Impact: The impact is critical, as delegated addresses will still retain the delegate role even after removeDelegatedSigner is called by the user. Proof of Concept: function setDelegatedSigner is used to set delegation: function setDelegatedSigner(address delegateTo) extern...

AI score 7. Exploits: 0
Code423n4 (added 2023/10/20 12:00 a.m.)

Malicious Module can change the policy commit of a Gnosis Safe console Account

Vulnerability details. Impact: The overall design of the Gnosis Safe allows for the addition of a Module. Modules are smart contracts that extend the ability of the Gnosis Safe, which means that a module can be set up in such a way that it can perform actions that are meant to improve t...

AI score 7.3. Exploits: 0
Code423n4 (added 2023/07/14 12:00 a.m.)

Unintended or Malicious Use of Prize Winners' Hooks

Vulnerability details. Impact: The setHooks function in Vault.sol allows users to set arbitrary hooks, potentially enabling them to make external calls with unintended consequences. This vulnerability could lead to various unexpected behaviors, such as unauthorized side transactions...

AI score 6.7. Exploits: 0
Code423n4 (added 2022/10/25 12:00 a.m.)

Untyped data signing

Vulnerability details: In function deployHolographableContract the bytes32 hash is directly encoded without adding any domain separator. This causes several issues: an attacker can front-run the signature and use it on the same contract on another chain. E.g. a user wants to call...

AI score 7.2. Exploits: 0
The Hacker News (added 2022/09/21 12:21 p.m.)

Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident

In what is the latest crypto heist to target the decentralized finance (DeFi) space, hackers have stolen digital assets worth around $160 million from crypto trading firm Wintermute. The hack involved a series of unauthorized transactions that transferred USD Coin, Binance USD, Tether USD, Wrapped...

Exploits: 0
Code423n4 (added 2022/09/18 12:00 a.m.)

BuyCrowdfund.buy lacks access control

Vulnerability details. Impact: Anyone can call BuyCrowdfund.buy, and BuyCrowdfund.buy will call any function at any address and can send ETH up to maximumPrice. When maximumPrice is 0, all ETH in the contract can be sent. Consider maximumPrice = 70 ETH; the current seller's listing price...

AI score 6.8. Exploits: 0