1015 matches found
EUVD-2026-21000
web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...
PT-2026-31674
Name of the Vulnerable Software and Affected Versions web3.py versions 6.0.0b3 through 7.15.0 web3.py versions 6.0.0b3 through 8.0.0b2 Description web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in the offchain lookup...
ContractShield: Bridging Semantic-Structural Gaps Via Hierarchical Cross-Modal Fusion for Multi-Label Vulnerability Detection in Obfuscated Smart Contracts
Smart contracts are increasingly targeted by adversaries employing obfuscation techniques such as bogus code injection and control flow manipulation to evade vulnerability detection. Existing multimodal methods often process semantic, temporal, and structural features in isolation and fuse them...
MAL-2026-1853 Malicious code in solana-gateway-contracts-private (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c99f3ecaa102d6db90dbdb52a98646914489bb992e520c1b527380e7c9574a13 The package solana-gateway-contracts-private was found to contain malicious code...
Malicious code in solana-gateway-contracts-private (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c99f3ecaa102d6db90dbdb52a98646914489bb992e520c1b527380e7c9574a13 The package solana-gateway-contracts-private was found to contain malicious code...
Execution Is the New Attack Surface: Survivability-Aware Agentic Crypto Trading with OpenClaw-Style Local Executors
OpenClaw-style agent stacks turn language into privileged execution: LLM intents flow through tool interception, policy gates, and a local executor. In parallel, skill marketplaces such as skills.sh make capability acquisition as easy as installing skills and CLIs, creating a growing capability...
SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction
Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...
CVE-2026-28410
The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in...
CVE-2026-28410
The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in...
CVE-2026-28410 The Graph: Revocable vesting contracts allows early access to locked tokens
The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in...
CVE-2026-28410
CVE-2026-28410 affects The Graph protocol. Prior to v3.0.0, token vesting contracts contained a flaw enabling early access to tokens that should remain locked; the issue has been patched in v3.0.0. Connected sources confirm affected versions are before 3.0.0 and indicate remediation via upgrade t...
EVMbench: Evaluating AI Agents on Smart Contract Security
Smart contracts on public blockchains now manage large amounts of value, and vulnerabilities in these systems can lead to substantial losses. As AI agents become more capable at reading, writing, and running code, it is natural to ask how well they can already navigate this landscape, both in way...
Cross-site Scripting (XSS)
Overview devcode-it/openstamanager is a management software for technical assistance and electronic invoicing Affected versions of this package are vulnerable to Cross-site Scripting XSS via the unchecked reflection of the righe GET parameter in the modificaiva.php modals for the contracts, quote...
Why Intelligent Contract Solutions Are Replacing Traditional CLM Systems
Intelligent contract solutions replace traditional CLM by adding AI analysis, benchmarking, and risk insights that speed reviews, reduce delays, and improve decisions...
GHSA-C6RR-7PMC-73WC ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation
Impact The RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 or 20 bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery...
@ansdomain/react-ans-address (>=0.0.31 <=0.0.32), @ansdomain/ui (>=3.8.0 <=3.8.771) +108 more potentially affected by CVE-2026-22866 via @ensdomains/ens-contracts (>=0.0.10 <=1.2.2)
@ensdomains/ens-contracts NPM version =0.0.10, =0.0.31, =3.8.0, =0.3.0-alpha, =1.2.0, =0.0.1, =0.0.1, =2.1.7, =3.4.2, =0.0.1, =3.4.5, =3.0.0-alpha.3, =2.2.2, =1.0.0, =3.0.0-alpha.3 and more Source cves: CVE-2026-22866 Source advisory: OSV:GHSA-C6RR-7PMC-73WC...
CVE-2026-22866 ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation
Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...
PT-2026-21935
Name of the Vulnerable Software and Affected Versions Ethereum Name Service ENS versions 1.6.2 and prior Description The RSASHA256Algorithm and RSASHA1Algorithm contracts do not properly validate PKCS1 v1.5 padding when verifying RSA signatures. The contracts only verify the final 32 or 20 bytes ...
PenTiDef: Enhancing Privacy and Robustness in Decentralized Federated Intrusion Detection Systems against Poisoning Attacks
The increasing deployment of Federated Learning FL in Intrusion Detection Systems IDS introduces new challenges related to data privacy, centralized coordination, and susceptibility to poisoning attacks. While significant research has focused on protecting traditional FL-IDS with centralized...
CredShields Contributes to OWASP’s 2026 Smart Contract Security Priorities
SINGAPORE, Singapore, 17th February 2026, CyberNewswire...