Lucene search
K

4419 matches found

ptsecurity
ptsecurity
added 2026/05/19 12:0 a.m.9 views

PT-2026-42019

Name of the Vulnerable Software and Affected Versions ledgerhq/hw-app-eth versions prior to 6.34.7 Description An integer parsing issue exists where incorrect hexadecimal field parsing occurs when values contain an odd number of characters. This allows attackers to manipulate EIP-712 typed data...

6.9CVSS5.8AI score0.00263EPSS
Exploits0References7
ossf
ossf
added 2026/05/08 7:20 a.m.17 views

Malicious code in eth-web3-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ab01b68589d4f3b1e8686ed007d522f24c8259049cb211a023ac3f3ff8f56ce4 Code pretends to be an ETH utility and exfiltrates the given seed/private key --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

5.8AI score
Exploits0References1
osv
osv
added 2026/05/08 7:20 a.m.11 views

MAL-2026-3379 Malicious code in eth-web3-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ab01b68589d4f3b1e8686ed007d522f24c8259049cb211a023ac3f3ff8f56ce4 Code pretends to be an ETH utility and exfiltrates the given seed/private key --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

5.8AI score
Exploits0References1
snyk
snyk
added 2026/05/06 7:57 p.m.8 views

Improper Synchronization

Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...

9.1CVSS5.8AI score
Exploits0References2
packetstormnews
packetstormnews
added 2026/05/01 12:0 a.m.8 views

Phishing Detection in Ethereum Via Temporal Graph Contrastive Learning

Blockchain and decentralized finance have revolutionized the financial ecosystem while simultaneously exposing it to cryptocurrency phishing attacks. Existing phishing detection methods primarily rely on graph learning, but they face significant limitations. Static graph learning approaches fail ...

5.8AI score
Exploits0
githubexploit
githubexploit
added 2026/04/26 8:18 p.m.135 views

secureflow

AI-Powered Smart Contract Security Scanner An automated block...

5.7AI score
Exploits0
nessus
nessus
added 2026/04/17 12:0 a.m.9 views

FreeBSD : go-ethereum -- vulnerabilities (9c8c00ce-3642-11f1-bd03-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9c8c00ce-3642-11f1-bd03-3c7c3fba4204 advisory. https://github.com/ethereum/go-ethereum/security/advisories reports: Tenable has extracted the...

8.7CVSS5.8AI score0.0058EPSS
Exploits0References7
nvd
nvd
added 2026/04/09 6:17 p.m.5 views

CVE-2026-40072

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...

7.2CVSS0.00228EPSS
Exploits2References2
euvd
euvd
added 2026/04/09 5:41 p.m.6 views

EUVD-2026-21000

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...

6.3CVSS6AI score0.00228EPSS
Exploits2References2
vulnersosv
vulnersosv
added 2026/04/08 12:14 a.m.8 views

parse-server-otp-auth-adapter (>=1.0.0 <=1.0.1), parse-server-siwe-auth-adapter (>=1.0.0 <=1.0.1) potentially affected by CVE-2026-39381 via parse-server (=7.5.4)

parse-server NPM version =7.5.4 is affected by a known vulnerability. The following packages have a transitive dependency on parse-server and may be impacted: - parse-server-otp-auth-adapter =1.0.0, =1.0.0, =1.0.1 Source cves: CVE-2026-39381 Source advisory: OSV:GHSA-G4V2-QX3Q-4P64...

5.3CVSS5.8AI score0.00193EPSS
Exploits0
osv
osv
added 2026/03/12 8:57 p.m.6 views

GO-2026-4677 Cosmos EVM: incorrect state handling during nested EVM execution paths in github.com/cosmos/evm

Cosmos EVM: incorrect state handling during nested EVM execution paths in github.com/cosmos/evm...

5.9AI score
Exploits0References2
vulnrichment
vulnrichment
added 2026/03/07 4:2 p.m.4 views

CVE-2026-3668 Freedom Factory dGEN1 org.ethosmobile.webpwaemul AndroidEthereum access control

A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high...

3.1CVSS5.4AI score0.0027EPSS
Exploits0References4
cve
cve
added 2026/03/07 4:2 p.m.15 views

CVE-2026-3668

CVE-2026-3668 concerns Freedom Factory dGEN1 (up to 20260221) in the function AndroidEthereum of the component org.ethosmobile.webpwaemul. The weakness enables improper access controls with remote exploitation possible. The advisory states high attack complexity and that exploitation is difficult...

3.1CVSS5.4AI score0.0027EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/03/07 12:0 a.m.6 views

PT-2026-23869

A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high...

3.1CVSS5.4AI score0.0027EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/03/07 12:0 a.m.8 views

Freedom Factory dGEN1 授权问题漏洞

The Freedom Factory dGEN1 is a Ethereum mobile device developed by the Freedom Factory company. Versions of the Freedom Factory dGEN1 dated 20260221 and earlier have a licensing issue vulnerability. This vulnerability stems from incorrect handling of the com.dgen.alarm component, which may lead t...

5.3CVSS6.1AI score0.00105EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/03/07 12:0 a.m.7 views

Freedom Factory dGEN1 访问控制错误漏洞

The Freedom Factory dGEN1 is a Ethereum mobile device produced by the Freedom Factory company. Versions of Freedom Factory dGEN1 dated back to 20260221 and earlier contained an access control vulnerability. This vulnerability stemmed from incorrect operations on the AndroidEthereum function withi...

3.1CVSS5.8AI score0.0027EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/03/07 12:0 a.m.6 views

Freedom Factory dGEN1 授权问题漏洞

The Freedom Factory dGEN1 is a Ethereum mobile device produced by the Freedom Factory company. Versions of Freedom Factory dGEN1 dated back to 20260221 and earlier contained an authorization issue vulnerability. This vulnerability stemmed from incorrect operations on the FakeAppReceiver function...

5.3CVSS6.1AI score0.00103EPSS
Exploits0References5
packetstormnews
packetstormnews
added 2026/03/05 12:0 a.m.4 views

EVMbench: Evaluating AI Agents on Smart Contract Security

Smart contracts on public blockchains now manage large amounts of value, and vulnerabilities in these systems can lead to substantial losses. As AI agents become more capable at reading, writing, and running code, it is natural to ask how well they can already navigate this landscape, both in way...

5.9AI score
Exploits0
susecve
susecve
added 2026/03/04 12:26 a.m.5 views

SUSE CVE-2026-26313

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release...

7.5CVSS6AI score0.00578EPSS
Exploits0References3
susecve
susecve
added 2026/03/04 12:26 a.m.5 views

SUSE CVE-2026-26314

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth...

8.7CVSS5.9AI score0.0058EPSS
Exploits0References3
Rows per page
Query Builder