web3.py 代码问题漏洞

web3.py is an open-source Python library developed by ethereum for interacting with the Ethereum blockchain. There were code-related vulnerabilities in versions of web3.py from 6.0.0b3 to 7.15.0, as well as in version 8.0.0b2. These vulnerabilities stemmed from a lack of target validation when...

Penetrating the Hostile: Detecting DeFi Protocol Exploits through Cross-Contract Analysis

Decentralized finance DeFi protocols are crypto projects developed on the blockchain to manage digital assets. Attacks on DeFi have been frequent and have resulted in losses exceeding $80 billion. Current tools detect and locate possible vulnerabilities in contracts by analyzing the state changes...

CVE-2025-41094

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to functional contract details using unauthorised internal identifiers...

Bold Workplanner 安全漏洞

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access basic contract details using an unauthorized internal...