Lucene search
+L

1015 matches found

CNNVD
CNNVD
added 2026/02/13 12:0 a.m.7 views

TON 安全漏洞

TON is a blockchain software developed under open source by TON. Versions of TON prior to v2024.10 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of vmstate and continuation jump instructions, which could allow attackers to exploit the system through...

7.5CVSS5.9AI score0.00604EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/03 7:24 a.m.9 views

Malicious code in l2-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb0d21ff2e4e02ef879ddbcc41ef5c3d957ef37495bb5815beb17335f6579acc The package l2-contracts was found to contain malicious code. Source: ghsa-malware 8d05d077850c263135146bdb5b17ae9606f3f4fcd7eff921214f6ed00118cc4e A...

5.4AI score
Exploits0References1
Snyk
Snyk
added 2026/02/03 7:24 a.m.6 views

Malicious Package

Overview l2-contracts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
OSV
OSV
added 2026/02/03 7:24 a.m.6 views

MAL-2026-683 Malicious code in l2-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb0d21ff2e4e02ef879ddbcc41ef5c3d957ef37495bb5815beb17335f6579acc The package l2-contracts was found to contain malicious code. Source: ghsa-malware 8d05d077850c263135146bdb5b17ae9606f3f4fcd7eff921214f6ed00118cc4e A...

5.5AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/01/14 12:0 a.m.6 views

A Risk-Stratified Benchmark Dataset for Bad Randomness (SWC-120) Vulnerabilities in Ethereum Smart Contracts

Many Ethereum smart contracts rely on block attributes such as block.timestamp or blockhash to generate random numbers for applications like lotteries and games. However, these values are predictable and miner-manipulable, creating the Bad Randomness vulnerability SWC-120 that has led to real-wor...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/10 12:0 a.m.6 views

ZkRansomware: Proof-Of-Data Recoverability and Multi-Round Game Theoretic Modeling of Ransomware Decisions

Ransomware is still one of the most serious cybersecurity threats. Victims often pay but fail to regain access to their data, while also facing the danger of losing data privacy. These uncertainties heavily shape the attacker-victim dynamics in decision-making. In this paper, we introduce and...

6.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.14 views

CVE-2023-49798

OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of Multicall.sol released in @openzeppelin/[email protected] and @openzeppelin/[email protected], all subcalls are...

7.5CVSS6.8AI score0.00543EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.7 views

CVE-2022-31153

OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts vanilla and ethereum flavors in the...

6.5CVSS6.7AI score0.0134EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:11 a.m.13 views

CVE-2022-35915

OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in...

5.3CVSS6.7AI score0.00657EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:11 a.m.13 views

CVE-2022-35916

OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, CrossChainEnabledArbitrumL2 or LibArbitrumL2, will classify direct interactions of externally owned accounts EOAs as cross chain calls, even though they are not...

5.3CVSS6.6AI score0.00492EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.12 views

CVE-2021-41264

OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using UUPSUpgradeable may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of @openzeppelin/contracts and...

9.8CVSS6.8AI score0.01439EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:51 a.m.6 views

CVE-2021-2254

Vulnerability in the Oracle Project Contracts product of Oracle E-Business Suite component: Hold Management. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Contracts...

8.1CVSS6.5AI score0.00987EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.15 views

CVE-2022-31170

OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...

7.5CVSS6.6AI score0.00731EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.13 views

CVE-2022-31198

OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module GovernorVotesQuorumFraction, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a...

7.5CVSS6.6AI score0.00648EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:39 a.m.16 views

CVE-2022-35961

OpenZeppelin Contracts is a library for secure smart contract development. The functions ECDSA.recover and ECDSA.tryRecover are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issu...

7.9CVSS6.7AI score0.00336EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/06 1:43 p.m.7 views

EUVD-2026-1104

Malicious code in evm-gateway-contracts-private npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/06 1:43 p.m.10 views

Malicious code in evm-gateway-contracts-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4d7fcec6a0025a21ed0b14bdd643dc22965e7c3ccd6dee0bfa6bf3285b97aac The package evm-gateway-contracts-private was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
OSV
OSV
added 2026/01/06 1:43 p.m.6 views

MAL-2026-88 Malicious code in evm-gateway-contracts-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4d7fcec6a0025a21ed0b14bdd643dc22965e7c3ccd6dee0bfa6bf3285b97aac The package evm-gateway-contracts-private was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/01/05 7:57 p.m.8 views

@zentity/fhevm-contracts (>=0.1.0 <=0.2.0) potentially affected by unknown CVE via @openzeppelin/confidential-contracts (=0.3.0)

@openzeppelin/confidential-contracts NPM version =0.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on @openzeppelin/confidential-contracts and may be impacted: - @zentity/fhevm-contracts =0.1.0, =0.2.0 Source cves: unknown CVE Source advisory:...

5.8AI score
Exploits0
HackRead
HackRead
added 2025/12/18 6:37 p.m.11 views

Lazarus Group Embed New BeaverTail Variant in Developer Tools

North Korea’s Lazarus Group deploys a new BeaverTail variant to steal credentials and crypto using fake job lures, dev tools, and smart contracts...

7AI score
Exploits0
Rows per page
Query Builder