
66 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-42478

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 9 | EPSS 0.00084
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m., 10 views

EUVD-2023-35601

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 5.9 | EPSS 0.00681
Exploits: 1 | References: 5

RedhatCVE
added 2025/05/23 12:20 a.m., 4 views

CVE-2022-48216

Uniswap Universal Router before 1.1.0 mishandles reentrancy. This would have allowed theft of funds...

CVSS 7.5 | AI score 6.8 | EPSS 0.0041
Exploits: 1

NVD
added 2025/01/28 4:15 p.m., 6 views

CVE-2025-24800

Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate that allowed a malicious prover to easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or...

CVSS 9.3 | EPSS 0.00078
Exploits: 0 | References: 3

Cvelist
added 2025/01/28 3:41 p.m., 18 views

CVE-2025-24800 Critical vulnerability in `ismp-grandpa` <v15.0.1

Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate that allowed a malicious prover to easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or...

CVSS 9.3 | EPSS 0.00078
Exploits: 0 | References: 3

The Hacker News
added 2024/10/15 2:43 p.m., 10 views

New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists

North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign. The malware is "installed on payment switches within compromised networks that handle card transactions for the means of...

AI score 7
Exploits: 0

CNNVD
added 2024/02/08 12:0 a.m., 3 views

Binance Trust Wallet app Security Feature Issue Vulnerability

Binance Trust Wallet app is an application by Binance to securely send, receive and store Bitcoin and many other cryptocurrencies and digital assets. A security signature issue vulnerability exists in previous versions of the Binance Trust Wallet app iOS 3cd6e8f647fbba8b5d8844fcd144365a086b629f,...

CVSS 7.5 | AI score 6.7 | EPSS 0.00191
Exploits: 1 | References: 3

Code423n4
added 2023/12/08 12:0 a.m., 17 views

Multiple re-entrancy issues allowing stealing of funds and bypassing protocol mint limits

Lines of code Vulnerability details Impact Multiple re-entrancy issues exist in the codebase, that break core functionality and allow stealing of user funds. In AuctionDemo.sol contract re-entrancy in cancelBid and cancelAllBids allows stealing of user funds. There are multiple attack surfaces,...

AI score 7
Exploits: 0

Code423n4
added 2023/11/10 12:0 a.m., 12 views

A malicious contributor can increase voting power maliciously and eventually steal funds!

Lines of code Vulnerability details Impact Unlimited voting power for attacker and stealing of funds! Proof of Concept All of the contribute functions use msg.value to calculate the votingpower. For example, contribute function looks like this: function contribute uint256 tokenId, address...

AI score 7.1
Exploits: 0

Code423n4
added 2023/10/26 12:0 a.m., 6 views

Incorrect Order of Operations in nukeFromOrbit Function

Lines of code Vulnerability details Impact the nukeFromOrbit function, the nonReentrant modifier is correctly applied. This means that the function cannot be reentered while it is already being executed. The problem is that the blockAccountstate, accountAddress function is called before...

AI score 7
Exploits: 0

Code423n4
added 2023/10/11 12:0 a.m., 8 views

"deployProxyDelegatorIfNeeded" Can Be Exploited To Steal Funds Or Even Cause Denial Of Service

Lines of code Vulnerability details Impact In circumstances whereby transferIndex is greater than or equal to sources length but less than targets length, there are remaining target addresses to process. DelegateMulti Function calls createProxyDelegatorAndTransfer to handle any remaining target...

AI score 7
Exploits: 0

Code423n4
added 2023/10/06 12:0 a.m., 5 views

VirtualAccount::payableCall is missing access control

Lines of code Vulnerability details Impact The lack of access control in VirtualAccount::payableCall function allows anyone to execute arbitrary calls with any contract from a user's VirtualAccount. This enables malicious actors to steal user's funds easily, ultimately resulting in a...

AI score 7.6
Exploits: 0

CVE
added 2023/10/04 6:48 p.m., 48 views

CVE-2023-38701

CVE-2023-38701 (Hydra) affects Hydra’s head protocol on Cardano. Before v0.12.0, the commit validator and the initial validator contain a flawed check when the ViaAbort redeemer is used, allowing any user to arbitrarily spend UTxOs at the validator. This enables an attacker to steal funds users c...

CVSS 9.1 | AI score 9.3 | EPSS 0.00084
Exploits: 1 | References: 4 | Affected Software: 1

Code423n4
added 2023/09/07 12:0 a.m., 12 views

Stealing extra mint fund by applying reentrancy attack on _execute with calling approve() again due to external call before crucial state update

Lines of code Vulnerability details Impact By applying reentrancy attack involving the function mintIfThresholdMet, a user can steal extra amount of mint fund. Proof of Concept The functions mintIfThresholdMet make external mint call prior to updating the txnHashToTransaction state. If the real...

AI score 7
Exploits: 0

Code423n4
added 2023/08/04 12:0 a.m., 9 views

borrowInternal() of BaseTOFTMarketModule.sol has phantom permit functions

Lines of code Vulnerability details Impact A malicious actor could steal funds from a User who has already done his first deposit. Proof of Concept Consider the case where attacker uses a token with phantom permit function as collateral, the most famous ones being WETH, BNB, HEX etc. Let’s consid...

AI score 6.9
Exploits: 0

Code423n4
added 2023/07/05 12:0 a.m., 31 views

Many create methods are suspicious of the reorg attack

Lines of code Vulnerability details Proof of Concept There are many instances of this, but to understand things better, taking the example of createTalosV3Strategy method. The createTalosV3Strategy function deploys a new TalosStrategyStaked contract using the create, where the address derivation...

AI score 6.8
Exploits: 0

Code423n4
added 2023/06/09 12:0 a.m., 38 views

Attacker can steal CrossDomainMessenger and OptimismPortal token balances or tokens of anyone give approval for those contracts

Lines of code Vulnerability details Impact Contracts CrossDomainMessenger and OptimismPortal are part of the bridge protocol and they are responsible for sending messages between two networks. They both call arbitrary address with arbitrary data that user specified and it would give attacker to...

AI score 7.1
Exploits: 0

Code423n4
added 2023/05/21 12:0 a.m., 7 views

Should check for _data.amount.value

Lines of code Vulnerability details Impact msg.value is not checked in didPay, if swap is not successful, the eth amount sent back to the terminal is data.amount.value, which is provided by the user. If there is leftover eth in the contract, the fund could be stolen. Proof of Concept Some eth cou...

AI score 6.7
Exploits: 0

Code423n4
added 2023/05/04 12:0 a.m., 5 views

Integer Overflow in Endian Library

Lines of code Vulnerability details Impact An integer overflow can lead to unexpected behavior in a smart contract, potentially causing financial loss or disruption of the contract's intended functionality. Proof of Concept If the input value passed to the function exceeds 64 bits, an integer...

AI score 7.2
Exploits: 0

OSV
added 2023/04/27 5:15 a.m., 11 views

CVE-2023-31290

Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input...

CVSS 5.9 | AI score 7
Exploits: 0 | References: 5