CVE-2023-7345

Affected software: Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7. Root cause: Integer parsing vulnerability in EIP-712 message handling due to incorrect hexadecimal field parsing when values have an odd number of characters. Impact: Attackers could obtain signatures ...

PT-2026-3050

YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious payload of 712 bytes with SEH manipulation to trigger a...

MAL-2025-191994 Malicious code in elf-stats-bright-star-712 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab0f48f8f876ac467ff94d31a3cd8117b40176a41c0a46c69c55647c76f14fa2 The package elf-stats-bright-star-712 was found to contain malicious code...

EUVD-2025-200957

Malicious code in elf-stats-bright-star-712 npm...

CVE-2025-62370

Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloydynabi::TypedData could lead to a denial-of-service DoS via eip712signinghash. Software with high availability requirements such as network services m...

EUVD-2019-11889

Malware in sbrugna...

EUVD-2019-11892

Malware in sbrugna...

EUVD-2019-11935

Malware in sbrugna...

EUVD-2018-3996

Malware in sbrugna...

CVE-2018-13901

Due to missing permissions in Android Manifest file, Sensitive information disclosure issue can happen in PCI RCS app in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables ...

CVE-2019-2238

Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leading to buffer underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial...

Amazon Linux 2023 : microcode_ctl (ALAS2023-2024-712)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-712 advisory. Insufficient control flow management for some IntelR Xeon Processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2024-22374 Tenable has extracted the...

Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11478)

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. A remote attacker could cause a denial of service condition by sending specially crafted TCP Selective Acknowledgment SACK sequences to affected products. This plugin only works with Tenable.ot...

Potential Incorrect Domain Separator Generation in _calculateDomainSeparator Function

Lines of code Vulnerability details The calculateDomainSeparator function generates the EIP-712 domain separator using the contract's name and version. However, there is no explicit guarantee that the name has been set before calling this function, leading to an unreliable domain separator. Impac...

Inconsistent encoding of arrays in MetaTxLib

Lines of code Vulnerability details Bug Description According to the EIP-712 specification, arrays are encoded by concatenating its elements and passing the result to keccak256: The array values are encoded as the keccak256 hash of the concatenated encodeData of their contents i.e. the encoding o...

EIP-712 typehash is incorrect for several functions in MetaTxLib

Lines of code Vulnerability details Bug Description In LensHub.sol, the second parameter of setProfileMetadataURIWithSig is declared as metadataURI: LensHub.solL119-L123 function setProfileMetadataURIWithSig uint256 profileId, string calldata metadataURI, Types.EIP712Signature calldata signature...

createAction() ,castApproval(), castDisapproval() functions vulnerable replay attacks

Lines of code Vulnerability details Impact /// @notice Mapping of policyholders to function selectors to current nonces for EIP-712 signatures. /// @dev This is used to prevent replay attacks by incrementing the nonce for each operation createAction, /// castApproval and castDisapproval signed by...

CVE-2023-33986 Cross-Site Scripting (XSS) vulnerability in SAP CRM ABAP (Grantor Management)

SAP CRM ABAP Grantor Management - versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the applicatio...

CVE-2023-33986

CVE-2023-33986 affects SAP CRM ABAP (Grantor Management) versions 700–714. The root cause is insufficient encoding of user-controlled inputs, leading to a Cross-Site Scripting (XSS) vulnerability. Exploitation can result in a limited impact on confidentiality and integrity of the application (no ...

Wrong Implementation of EIP-712

Lines of code Vulnerability details Impact The EIP-712 uses several parameters. Those parameters are exactly: EIP712Domain string name; string version; uint256 chainId; address verifyingContract; As you can see on the following Domain, ZkSync, is missing one parameter: bytes32 constant...