Lucene search
K

400 matches found

OSV
OSV
added 2026/07/02 7:44 p.m.5 views

GHSA-W834-CF6P-9M9W Zebra: Finalized address balance credit-first overflow on consensus-valid blocks

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node processes blocks on any Zcash network. Summary The finalized transparent address balance writer processes all newly-created outputs credits before processing spent outputs debits within the same block. A...

6.9CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/02 7:43 p.m.10 views

GHSA-GF9R-M956-97QX zebrad has consensus divergence via P2SH sigop undercount in pure-Rust disabled-opcode parser

Am I affected You are affected if: 1. You run any version of zebrad up to and including v4.4.1. 2. Your node validates blocks on mainnet, testnet, or any network where both Zebra and zcashd nodes participate. All default configurations are affected. No feature flags, non-default settings, or...

9.3CVSS6AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.11 views

CVE-2026-46541

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handledhtget, the DhtResults accumulator is only initialized when the first DHT record passes verification. If the first record fails from a malicious DHT...

7.5CVSS5.4AI score0.00346EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 11:45 p.m.11 views

EUVD-2026-35882

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handledhtget, the DhtResults accumulator is only initialized when the first DHT record passes verification. If the first record fails from a malicious DHT...

7.5CVSS5.4AI score0.00346EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:44 p.m.10 views

CVE-2026-46539 nimiq-primitives: BlockInclusionProof interlink issue when hops are empty

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops...

5.9CVSS5.4AI score0.0015EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.16 views

CVE-2026-41583

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network...

9.3CVSS5.3AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.12 views

CVE-2026-40880

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 bu...

8.1CVSS5.5AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-44497

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issue due to insufficient error handling of the case where the sighash type is invalid, during sighash computation. Instead of...

9.3CVSS5.5AI score0.00188EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/06/04 12:0 p.m.7 views

ate (>=0.1.0 <=0.8.0), ate-auth (>=1.1.0 <=1.6.0) +19 more potentially affected by unknown CVE via pqcrypto-falcon (>=0.2.10 <=0.4.1)

pqcrypto-falcon CARGO version =0.2.10, =0.1.0, =1.1.0, =1.0.0, =1.1.0, =0.1.4, =0.1.1, =0.1.0, =0.1.1, =0.1.0, =0.12.2, =0.1.0, =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0165...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.38 views

Bastet: A Fine-Grained Expert-Labeled Dataset for DeFi Smart Contract Vulnerability Detection

Smart contract vulnerabilities in Decentralized Finance DeFi protocols resulted in over 1.49 billion USD in confirmed losses in 2024 alone, across 192 incidents 1. As LLM-based vulnerability detection emerges as a promising approach to address these threats, the quality of evaluation datasets has...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/22 12:0 a.m.14 views

Modernizing User Privacy Preference Measurement through GPPI: A GDPR-Aligned Privacy Preference Item Bank

Privacy measurement instruments e.g., CFIP, IUIPC, PAQ predate GDPR by over a decade and measure privacy concerns, distinct from preferences for regulatory protections e.g., data portability, erasure, automated decision-making rights. This leaves practitioners without tools to assess whether user...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/08 6:27 p.m.4 views

GHSA-PVMV-CWG8-V6C8 Zebra v4.4.0 still accepts V5 SIGHASH_SINGLE without a corresponding output

Consensus Divergence in V5 Transparent SIGHASHSINGLE With No Corresponding Output Summary Zebra failed to enforce a ZIP-244 consensus rule for V5 transparent transactions: when an input is signed with SIGHASHSINGLE and there is no transparent output at the same index as that input, validation mus...

9.3CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/08 6:27 p.m.26 views

Zebra v4.4.0 still accepts V5 SIGHASH_SINGLE without a corresponding output

Consensus Divergence in V5 Transparent SIGHASHSINGLE With No Corresponding Output Summary Zebra failed to enforce a ZIP-244 consensus rule for V5 transparent transactions: when an input is signed with SIGHASHSINGLE and there is no transparent output at the same index as that input, validation mus...

5.8AI score
Exploits0References2Affected Software2
NVD
NVD
added 2026/05/08 3:17 p.m.39 views

CVE-2026-44497

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issue due to insufficient error handling of the case where the sighash type is invalid, during sighash computation. Instead of...

9.3CVSS0.00188EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 3:16 p.m.9 views

CVE-2026-41583

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network...

9.3CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 3:8 p.m.32 views

CVE-2026-44497

ZEBRA/ZEC network node software is affected by CVE-2026-44497 due to insufficient error handling when an invalid sighash type is encountered during sighash computation. Prior to zebrad version 4.4.0 and zebra-script version 6.0.0, this could cause the normal flow to resume with the input sighash ...

9.3CVSS5.8AI score0.00188EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/05/08 3:8 p.m.65 views

CVE-2026-44497 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issue due to insufficient error handling of the case where the sighash type is invalid, during sighash computation. Instead of...

9.3CVSS0.00188EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:8 p.m.8 views

CVE-2026-44497

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issue due to insufficient error handling of the case where the sighash type is invalid, during sighash computation. Instead of...

9.3CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 3:8 p.m.11 views

CVE-2026-44497 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issue due to insufficient error handling of the case where the sighash type is invalid, during sighash computation. Instead of...

9.3CVSS5.8AI score0.00188EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 3:8 p.m.2 views

CVE-2026-44497 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issue due to insufficient error handling of the case where the sighash type is invalid, during sighash computation. Instead of...

9.3CVSS6AI score0.00188EPSS
Exploits0References3
Rows per page
Query Builder