4419 matches found
PT-2026-42019
Name of the Vulnerable Software and Affected Versions ledgerhq/hw-app-eth versions prior to 6.34.7 Description An integer parsing issue exists where incorrect hexadecimal field parsing occurs when values contain an odd number of characters. This allows attackers to manipulate EIP-712 typed data...
Malicious code in eth-web3-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ab01b68589d4f3b1e8686ed007d522f24c8259049cb211a023ac3f3ff8f56ce4 Code pretends to be an ETH utility and exfiltrates the given seed/private key --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2026-3379 Malicious code in eth-web3-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ab01b68589d4f3b1e8686ed007d522f24c8259049cb211a023ac3f3ff8f56ce4 Code pretends to be an ETH utility and exfiltrates the given seed/private key --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Improper Synchronization
Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...
Phishing Detection in Ethereum Via Temporal Graph Contrastive Learning
Blockchain and decentralized finance have revolutionized the financial ecosystem while simultaneously exposing it to cryptocurrency phishing attacks. Existing phishing detection methods primarily rely on graph learning, but they face significant limitations. Static graph learning approaches fail ...
secureflow
AI-Powered Smart Contract Security Scanner An automated block...
FreeBSD : go-ethereum -- vulnerabilities (9c8c00ce-3642-11f1-bd03-3c7c3fba4204)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9c8c00ce-3642-11f1-bd03-3c7c3fba4204 advisory. https://github.com/ethereum/go-ethereum/security/advisories reports: Tenable has extracted the...
CVE-2026-40072
web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...
EUVD-2026-21000
web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...
parse-server-otp-auth-adapter (>=1.0.0 <=1.0.1), parse-server-siwe-auth-adapter (>=1.0.0 <=1.0.1) potentially affected by CVE-2026-39381 via parse-server (=7.5.4)
parse-server NPM version =7.5.4 is affected by a known vulnerability. The following packages have a transitive dependency on parse-server and may be impacted: - parse-server-otp-auth-adapter =1.0.0, =1.0.0, =1.0.1 Source cves: CVE-2026-39381 Source advisory: OSV:GHSA-G4V2-QX3Q-4P64...
GO-2026-4677 Cosmos EVM: incorrect state handling during nested EVM execution paths in github.com/cosmos/evm
Cosmos EVM: incorrect state handling during nested EVM execution paths in github.com/cosmos/evm...
CVE-2026-3668 Freedom Factory dGEN1 org.ethosmobile.webpwaemul AndroidEthereum access control
A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high...
CVE-2026-3668
CVE-2026-3668 concerns Freedom Factory dGEN1 (up to 20260221) in the function AndroidEthereum of the component org.ethosmobile.webpwaemul. The weakness enables improper access controls with remote exploitation possible. The advisory states high attack complexity and that exploitation is difficult...
PT-2026-23869
A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high...
Freedom Factory dGEN1 授权问题漏洞
The Freedom Factory dGEN1 is a Ethereum mobile device developed by the Freedom Factory company. Versions of the Freedom Factory dGEN1 dated 20260221 and earlier have a licensing issue vulnerability. This vulnerability stems from incorrect handling of the com.dgen.alarm component, which may lead t...
Freedom Factory dGEN1 访问控制错误漏洞
The Freedom Factory dGEN1 is a Ethereum mobile device produced by the Freedom Factory company. Versions of Freedom Factory dGEN1 dated back to 20260221 and earlier contained an access control vulnerability. This vulnerability stemmed from incorrect operations on the AndroidEthereum function withi...
Freedom Factory dGEN1 授权问题漏洞
The Freedom Factory dGEN1 is a Ethereum mobile device produced by the Freedom Factory company. Versions of Freedom Factory dGEN1 dated back to 20260221 and earlier contained an authorization issue vulnerability. This vulnerability stemmed from incorrect operations on the FakeAppReceiver function...
EVMbench: Evaluating AI Agents on Smart Contract Security
Smart contracts on public blockchains now manage large amounts of value, and vulnerabilities in these systems can lead to substantial losses. As AI agents become more capable at reading, writing, and running code, it is natural to ask how well they can already navigate this landscape, both in way...
SUSE CVE-2026-26313
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release...
SUSE CVE-2026-26314
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth...