CVE-2026-26314

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth...

CVE-2026-26314

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth...

CVE-2026-26315

go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...

CVE-2026-26314

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth...

go-ethereum 安全漏洞

go-ethereum is an open-source Ethereum protocol library developed by ethereum. Versions of go-ethereum prior to 1.16.9 contained security vulnerabilities. These vulnerabilities stemmed from defects in the ECIES encryption implementation, allowing attackers to extract bits from the keys of p2p nod...

go-ethereum 输入验证错误漏洞

go-ethereum is an open-source Ethereum protocol library developed by ethereum. Versions of go-ethereum prior to 1.16.9 contained a vulnerability related to input validation errors. This vulnerability allowed attackers to force vulnerable nodes to shut down or crash through specially crafted...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the GenerateShared function in ecies.go. An attacker can extract bits of the p2p node key during an RLPx handshake by sending a series of malicious ephemeral public keys and inferring the validity of bits based o...

GHSA-2GJW-FG97-VG3R Go Ethereum affected by DoS via malicious p2p message

Impact A vulnerable node can be forced to shutdown/crash using a specially crafted message. More details to be released later. Patches The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by Waleed Ahmed...

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in elliptic curve verification functions for secp256k1. An attacker can cause a node to crash by sending a malicious p2p payload. Remediation Upgrade github.com/ethereum/go-ethereum/crypto to version 1.16.9 or higher...

Go Ethereum affected by DoS via malicious p2p message

Impact A vulnerable node can be forced to shutdown/crash using a specially crafted message. More details to be released later. Patches The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by Waleed Ahmed...

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in elliptic curve verification functions for secp256k1. An attacker can cause a node to crash by sending a malicious p2p payload. Remediation Upgrade github.com/ethereum/go-ethereum/crypto/secp256k1 to version 1.16.9 ...

CVE-2022-4381

The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

CVE-2022-1928

Cross-site Scripting XSS - Stored in GitHub repository go-gitea/gitea prior to 1.16.9...

PT-2024-6383

Name of the Vulnerable Software and Affected Versions HashiCorp Vault versions prior to 1.17.5 HashiCorp Vault Enterprise versions prior to 1.17.5 and 1.16.9 Description The issue is related to the storage of client tokens and token accessors in plaintext in the audit log due to the removal of...

WordPress MultiParcels Shipping For WooCommerce plugin < 1.16.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin MultiParcels Shipping For WooCommerce versions 1.16.9...

CVE-2022-4362 Popup Maker < 1.16.9 - Contributor+ Stored XSS via Shortcode

The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

WordPress plugin Popup Maker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

WordPress plugin Popup Maker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

PT-2023-14272 · WordPress · Popup Maker

Name of the Vulnerable Software and Affected Versions: Popup Maker WordPress plugin versions prior to 1.16.9 Description: The issue is related to the lack of validation and escaping of one of the shortcode attributes in the Popup Maker WordPress plugin. This could allow users with a role as low a...

Gitea < 1.16.9 Access Control Vulnerability

Gitea is prone to an access control vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...