4419 matches found
Malicious Package
Overview ethereum-lint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
filecoin-audit-kit
Filecoin Security Devnet Spin up a local Filecoin network for...
@0xlimao/n8n-nodes-ethereum (>=1.0.0 <=1.0.1), @aayshian/n8n-aisensy-ay19 (=0.0.1) +98 more potentially affected by CVE-2026-27498 via n8n-core (>=2.0.0 <=2.1.1)
n8n-core NPM version =2.0.0, =1.0.0, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =0.3.6, =0.1.0, =1.0.0, =0.1.4, =0.1.0, =0.1.13 and more Source cves: CVE-2026-27498 Source advisory: SNYK:JS-N8NCORE-15357608...
CVE-2026-22866
Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...
CVE-2026-22866
The CVE-2026-22866 entry describes a Bleichenbacher-style RSA signature forgery flaw in Ethereum Name Service (ENS) DNSSEC tooling. In ENS v1.6.2 and earlier, RSASHA256Algorithm and RSASHA1Algorithm do not validate PKCS#1 v1.5 padding correctly and only compare the trailing 32 (or 20) bytes of th...
ENS 数据伪造问题漏洞
ENS is an open-source Ethereum domain name service, involving both registrars and local resolvers. Versions of ENS 1.6.2 and earlier had a vulnerability related to data manipulation. This vulnerability stemmed from the lack of verification of the PKCS1 v1.5 padding structure during RSA signature...
GO-2026-4511 Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake in github.com/ethereum/go-ethereum
Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake in github.com/ethereum/go-ethereum...
GO-2026-4507 Go Ethereum affected by crash via malicious p2p message in github.com/ethereum/go-ethereum
Go Ethereum affected by crash via malicious p2p message in github.com/ethereum/go-ethereum...
GO-2026-4508 Go Ethereum affected by DoS via malicious p2p message in github.com/ethereum/go-ethereum
Go Ethereum affected by DoS via malicious p2p message in github.com/ethereum/go-ethereum...
CVE-2026-26313
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release...
CVE-2026-26315
go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...
CVE-2026-26314
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth...
Malicious code in ethrpc-keys (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f086c363123d21b52dc28b5a642db6c1eb84e01dc519995435476b19655d63a9 The malicious code is in the ethrpc-keys package, which is a clone of legitimate eth-keys, but contains a modification that silently exfiltrates the user's...
CVE-2026-26314
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth...
CVE-2026-26315
go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...
CVE-2026-26315 Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake
go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...
CVE-2026-26315 Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake
go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...
CVE-2026-26315 Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake
go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...
CVE-2026-26315
go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...
CVE-2026-26313
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release...