GHSA-HC36-C89J-5F4J bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)

Unverified certifier signatures persisted by acquirecertificate Affected packages Both bsv-sdk and bsv-wallet are published from the sgbett/bsv-ruby-sdk repository. The vulnerable code lives in lib/bsv/walletinterface/walletclient.rb, which is physically shipped inside both gems the...

CVE-2026-40070

The CVE-2026-40070 entry affects the BSV Ruby SDK (0.3.1–before 0.8.2). The vulnerability is in BSV::Wallet::WalletClient#acquire_certificate, which persists certificate records to storage without verifying the certifier’s signature in both acquisition_protocol paths: direct (caller-supplied fiel...

EUVD-2024-41462

Malicious code in bioql PyPI...

CVE-2024-45407

Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, b...

PT-2024-31611 · Sunshine · Sunshine

Name of the Vulnerable Software and Affected Versions: Sunshine affected versions not specified Description: The issue occurs when clients experience a Man-in-the-Middle MITM attack during the pairing process. This may allow access to an unintended client rather than failing authentication due to...