Lucene search
K

1015 matches found

EUVD
EUVD
added 2026/04/09 5:41 p.m.6 views

EUVD-2026-21000

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...

6.3CVSS6AI score0.00228EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.14 views

PT-2026-31674

Name of the Vulnerable Software and Affected Versions web3.py versions 6.0.0b3 through 7.15.0 web3.py versions 6.0.0b3 through 8.0.0b2 Description web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in the offchain lookup...

7.2CVSS6AI score0.00228EPSS
Exploits2References6
Packet Storm News
Packet Storm News
added 2026/04/03 12:0 a.m.9 views

ContractShield: Bridging Semantic-Structural Gaps Via Hierarchical Cross-Modal Fusion for Multi-Label Vulnerability Detection in Obfuscated Smart Contracts

Smart contracts are increasingly targeted by adversaries employing obfuscation techniques such as bogus code injection and control flow manipulation to evade vulnerability detection. Existing multimodal methods often process semantic, temporal, and structural features in isolation and fuse them...

6AI score
Exploits0
OSV
OSV
added 2026/03/18 1:10 p.m.6 views

MAL-2026-1853 Malicious code in solana-gateway-contracts-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c99f3ecaa102d6db90dbdb52a98646914489bb992e520c1b527380e7c9574a13 The package solana-gateway-contracts-private was found to contain malicious code...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/18 1:10 p.m.14 views

Malicious code in solana-gateway-contracts-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c99f3ecaa102d6db90dbdb52a98646914489bb992e520c1b527380e7c9574a13 The package solana-gateway-contracts-private was found to contain malicious code...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.3 views

Execution Is the New Attack Surface: Survivability-Aware Agentic Crypto Trading with OpenClaw-Style Local Executors

OpenClaw-style agent stacks turn language into privileged execution: LLM intents flow through tool interception, policy gates, and a local executor. In parallel, skill marketplaces such as skills.sh make capability acquisition as easy as installing skills and CLIs, creating a growing capability...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/09 12:0 a.m.4 views

SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction

Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.4 views

CVE-2026-28410

The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in...

8.1CVSS5.7AI score0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/03/05 9:16 p.m.7 views

CVE-2026-28410

The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in...

8.1CVSS0.00228EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/05 8:11 p.m.4 views

CVE-2026-28410 The Graph: Revocable vesting contracts allows early access to locked tokens

The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in...

5.3CVSS5.7AI score0.00228EPSS
Exploits0References2
CVE
CVE
added 2026/03/05 8:11 p.m.10 views

CVE-2026-28410

CVE-2026-28410 affects The Graph protocol. Prior to v3.0.0, token vesting contracts contained a flaw enabling early access to tokens that should remain locked; the issue has been patched in v3.0.0. Connected sources confirm affected versions are before 3.0.0 and indicate remediation via upgrade t...

8.1CVSS5.8AI score0.00228EPSS
Exploits0References2Affected Software1
Packet Storm News
Packet Storm News
added 2026/03/05 12:0 a.m.4 views

EVMbench: Evaluating AI Agents on Smart Contract Security

Smart contracts on public blockchains now manage large amounts of value, and vulnerabilities in these systems can lead to substantial losses. As AI agents become more capable at reading, writing, and running code, it is natural to ask how well they can already navigate this landscape, both in way...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/03/03 5:39 p.m.4 views

Cross-site Scripting (XSS)

Overview devcode-it/openstamanager is a management software for technical assistance and electronic invoicing Affected versions of this package are vulnerable to Cross-site Scripting XSS via the unchecked reflection of the righe GET parameter in the modificaiva.php modals for the contracts, quote...

9.3CVSS5.6AI score0.00245EPSS
Exploits3References2
HackRead
HackRead
added 2026/02/25 8:11 p.m.5 views

Why Intelligent Contract Solutions Are Replacing Traditional CLM Systems

Intelligent contract solutions replace traditional CLM by adding AI analysis, benchmarking, and risk insights that speed reviews, reduce delays, and improve decisions...

5.5AI score
Exploits0
OSV
OSV
added 2026/02/25 6:26 p.m.5 views

GHSA-C6RR-7PMC-73WC ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation

Impact The RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 or 20 bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery...

6.9CVSS5.5AI score0.00177EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/02/25 6:26 p.m.8 views

@ansdomain/react-ans-address (>=0.0.31 <=0.0.32), @ansdomain/ui (>=3.8.0 <=3.8.771) +108 more potentially affected by CVE-2026-22866 via @ensdomains/ens-contracts (>=0.0.10 <=1.2.2)

@ensdomains/ens-contracts NPM version =0.0.10, =0.0.31, =3.8.0, =0.3.0-alpha, =1.2.0, =0.0.1, =0.0.1, =2.1.7, =3.4.2, =0.0.1, =3.4.5, =3.0.0-alpha.3, =2.2.2, =1.0.0, =3.0.0-alpha.3 and more Source cves: CVE-2026-22866 Source advisory: OSV:GHSA-C6RR-7PMC-73WC...

7.5CVSS5.8AI score0.00177EPSS
Exploits0
Cvelist
Cvelist
added 2026/02/25 3:47 p.m.23 views

CVE-2026-22866 ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

6.9CVSS0.00177EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.9 views

PT-2026-21935

Name of the Vulnerable Software and Affected Versions Ethereum Name Service ENS versions 1.6.2 and prior Description The RSASHA256Algorithm and RSASHA1Algorithm contracts do not properly validate PKCS1 v1.5 padding when verifying RSA signatures. The contracts only verify the final 32 or 20 bytes ...

7.5CVSS5.9AI score0.00177EPSS
Exploits0References13
Packet Storm News
Packet Storm News
added 2026/02/19 12:0 a.m.6 views

PenTiDef: Enhancing Privacy and Robustness in Decentralized Federated Intrusion Detection Systems against Poisoning Attacks

The increasing deployment of Federated Learning FL in Intrusion Detection Systems IDS introduces new challenges related to data privacy, centralized coordination, and susceptibility to poisoning attacks. While significant research has focused on protecting traditional FL-IDS with centralized...

5.9AI score
Exploits0
HackRead
HackRead
added 2026/02/17 3:29 p.m.5 views

CredShields Contributes to OWASP’s 2026 Smart Contract Security Priorities

SINGAPORE, Singapore, 17th February 2026, CyberNewswire...

5.4AI score
Exploits0
Rows per page
Query Builder