Lucene search
+L

1515 matches found

OSV
OSV
added 2026/04/22 7:47 p.m.4 views

CVE-2026-34066 nimiq-blockchain: Peer-triggerable panic during history sync

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, HistoryStore::puthistorictxns uses an assert! to enforce invariants about HistoricTransaction.blocknumber must be within the macro block being pushed and within the same epoch. During histo...

5.3CVSS6AI score0.00242EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.13 views

Nimiq 数字错误漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.3.0 contained a numerical error vulnerability. This vulnerability stems from the nimiq-account contract’s VestingContract::canchangebalance function, which returns AccountError::InsufficientFund...

8.2CVSS5.8AI score0.00275EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.14 views

PT-2026-34547

Impact HistoryStore::put historic txns uses an assert! to enforce invariants about HistoricTransaction.block number must be within the macro block being pushed and within the same epoch. During history sync, a peer can influence the history: &HistoricTransaction input passed into Blockchain::push...

5.3CVSS5.7AI score0.00242EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

UltraDAG 安全漏洞

UltraDAG is a lightweight IoT blockchain developed by the individual developers of UltraDAGcom. Version 0.1 of UltraDAG has security vulnerabilities. These vulnerabilities arise from the possibility for non-membership attackers to submit signed SmartOp::Vote transactions. These transactions under...

8.8CVSS5.8AI score0.00376EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011399)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011399 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the...

7CVSS6.4AI score0.00257EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/20 9:6 p.m.7 views

kernel: Kernel: Privilege escalation or denial of service in nf_tables via inverted element activity check

A flaw was found in the Linux kernel's nftables component. A logic bug in nftmapcatchallactivate causes an inverted element activity check during the abort path of a failed transaction. This can lead to a use-after-free vulnerability, as catchall verdict elements may still reference a freed chain...

7.8CVSS6AI score0.00344EPSS
Exploits7References5
The Hacker News
The Hacker News
added 2026/04/18 7:59 a.m.9 views

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a large-scale cyber attack tha...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.11 views

PT-2026-37129

Name of the Vulnerable Software and Affected Versions zebrad versions prior to 4.3.1 zebra-script versions prior to 5.0.2 Description Following a refactoring of the verification process for transparent transactions, Zebra failed to validate a consensus rule restricting the possible values of...

9.3CVSS5.8AI score0.00278EPSS
Exploits0References14
OSV
OSV
added 2026/04/15 11:43 p.m.6 views

MAL-2026-2910 Malicious code in tailwindthml-flips (npm)

tailwindthml-flips is a malicious npm package that when imported downloads a C2 dropper part of PolinRider campaign from crypto transactions and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/15 11:43 p.m.8 views

Malicious code in tailwindthml-flips (npm)

tailwindthml-flips is a malicious npm package that when imported downloads a C2 dropper part of PolinRider campaign from crypto transactions and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.7AI score
Exploits0References2
OSV
OSV
added 2026/04/15 11:43 p.m.7 views

MAL-2026-2909 Malicious code in tailwind-typography-cssstyle (npm)

tailwind-typography-cssstyle is a malicious npm package that when imported downloads a C2 dropper part of PolinRider campaign from crypto transactions and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/15 11:43 p.m.9 views

Malicious code in tailwind-typography-cssstyle (npm)

tailwind-typography-cssstyle is a malicious npm package that when imported downloads a C2 dropper part of PolinRider campaign from crypto transactions and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/11 1:22 a.m.6 views

CVE-2026-39901

monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deleti...

5.7CVSS5.8AI score0.00292EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/09 7:11 p.m.5 views

Improper Check for Unusual or Exceptional Conditions

Overview bsv-sdk is an A Ruby library for interacting with the BSV Blockchain — keys, scripts, transactions, and more. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to improper handling of ARC broadcaster responses i. An attacker can...

8.7CVSS5.8AI score0.00266EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/04/09 12:0 a.m.3 views

VulnCheck KEV: CVE-2026-21445

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...

9.3CVSS5.8AI score0.20655EPSS
In wildExploits1References3
NVD
NVD
added 2026/04/08 10:16 p.m.5 views

CVE-2026-39901

monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deleti...

5.7CVSS0.00292EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/08 10:12 p.m.3 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the transaction update endpoint. An attacker can bypass intended restrictions and hide protected transaction records from normal views by sending a crafted PUT request to soft-delete synced non-manual...

6.9CVSS5.4AI score0.00292EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 9:2 p.m.19 views

CVE-2026-39901 monetr: Protected Transactions Deletable via PUT

monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deleti...

5.7CVSS0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 9:2 p.m.2 views

CVE-2026-39901 monetr: Protected Transactions Deletable via PUT

monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deleti...

5.7CVSS5.8AI score0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 9:2 p.m.12 views

CVE-2026-39901

Summary: CVE-2026-39901 affects the monetr budgeting app. Before version 1.12.3, an authenticated tenant user can use the transaction update (PUT) endpoint to soft-delete synced non-manual transactions, bypassing the intended protection that blocks deletion via the normal DELETE path. This is a s...

5.7CVSS5.9AI score0.00292EPSS
Exploits0References1
Rows per page
Query Builder