
538 matches found

GitHub Security Blog
added 2026/04/22 7:19 p.m., 11 views

nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals

Impact: An untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashing an election macro header hashes validators and reaches Validators::votingkeys, which calls validator.votingkey.uncompress.unwrap...

CVSS 7.5, AI score 5.8, EPSS 0.00372
Exploits 0, References 6, Affected Software 1
CNNVD
added 2026/04/22 12:00 a.m., 14 views

Nimiq Security Vulnerability

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.3.0 contained a security vulnerability. This vulnerability stemmed from the fact that untrusted peer devices in nimiq-primitives could declare election macroblocks whose validators contained...

CVSS 7.5, AI score 5.8, EPSS 0.00372
Exploits 0, References 1
Positive Technologies
added 2026/04/22 12:00 a.m., 11 views

PT-2026-34546

Impact: An untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashing an election macro header hashes validators and reaches Validators::voting keys, which calls validator.voting key.uncompress.unwr...

CVSS 7.5, AI score 5.8, EPSS 0.00372
Exploits 0, References 8
RedhatCVE
added 2026/04/06 10:57 a.m., 4 views

CVE-2026-34061

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest...

CVSS 6.5, AI score 5.8, EPSS 0.00187
Exploits 0, References 1
Positive Technologies
added 2026/04/06 12:00 a.m., 6 views

PT-2026-30786

My fellow Hungarians! I guarantee the integrity of the parliamentary elections on April 12, and that I will not exploit the zero-day vulnerability codenamed “VLAN Ghost Injection Vulnerability” CVE-2026-39011, as suggested by the Russian GRU agency! https://t.co/JaV7pRMngc...

AI score 5.9
Exploits 0, References 1
CVE
added 2026/04/03 10:07 p.m., 11 views

CVE-2026-34061

The CVE concerns nimiq/core-rs-albatross (Rust implementation of Nimiq PoS with Albatross). Before v1.3.0, an elected validator proposer could issue an election macro block whose header.interlink did not match the canonical next interlink. Honest validators accepted the proposal in verify_macro_b...

CVSS 6.5, AI score 5.8, EPSS 0.00187
Exploits 0, References 4, Affected Software 1
Cvelist
added 2026/04/03 10:07 p.m., 18 views

CVE-2026-34061 nimiq/core-rs-albatross: Macro block proposal interlink bug

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest...

CVSS 4.9, EPSS 0.00187
Exploits 0, References 4
ATTACKERKB
added 2026/04/03 10:07 p.m., 3 views

CVE-2026-34061

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest...

CVSS 4.9, AI score 5.8, EPSS 0.00187
Exploits 0, References 5, Affected Software 1
EUVD
added 2026/04/03 10:07 p.m., 4 views

EUVD-2026-18895

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest...

CVSS 4.9, AI score 5.8, EPSS 0.00187
Exploits 0, References 4
Vulnrichment
added 2026/04/03 10:07 p.m., 4 views

CVE-2026-34061 nimiq/core-rs-albatross: Macro block proposal interlink bug

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest...

CVSS 4.9, AI score 5.8, EPSS 0.00187
Exploits 0, References 4
CNNVD
added 2026/04/03 12:00 a.m., 15 views

core-rs-albatross Data Forgery Vulnerability

core-rs-albatross is a Rust implementation of the Albatross protocol developed by Nimiq. Versions prior to 1.3.0 of core-rs-albatross had a data manipulation vulnerability. This vulnerability stemmed from the lack of checking the interlink bindings of election macroblocks, which could lead to the...

CVSS 6.5, AI score 5.7, EPSS 0.00187
Exploits 0, References 4
Positive Technologies
added 2026/04/03 12:00 a.m., 5 views

PT-2026-30254

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest...

CVSS 4.9, AI score 5.8, EPSS 0.00187
Exploits 0, References 5
CNNVD
added 2026/02/07 12:00 a.m., 7 views

eLection SQL Injection Vulnerability

eLection is an election content management system developed by fauzantrif. Version 2.0 of eLection has a SQL injection vulnerability; this vulnerability stems from the lack of parameter id validation in the candidate management endpoint, which may lead to SQL injection attacks...

CVSS 7.1, AI score 5.8, EPSS 0.00449
Exploits 0, References 4
CVE
added 2026/02/06 11:14 p.m., 9 views

CVE-2020-37154

CVE-2020-37154 affects eLection 2.0, with an authenticated SQL injection in the candidate management endpoint. The vulnerability allows manipulation of database queries through the 'id' parameter and can be leveraged with SQLMap; authorship notes suggest potential remote code execution via upload...

CVSS 7.1, AI score 6.6, EPSS 0.00449
Exploits 0, References 4
ATTACKERKB
added 2026/02/06 11:14 p.m., 4 views

CVE-2020-37154

eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploadi...

CVSS 7.1, AI score 6.6, EPSS 0.00449
Exploits 0, References 4, Affected Software 1
Cvelist
added 2026/02/06 11:14 p.m., 32 views

CVE-2020-37154 eLection 2.0 - 'id' SQL Injection

eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploadi...

CVSS 7.1, EPSS 0.00449
Exploits 0, References 4
RedhatCVE
added 2026/02/04 7:27 p.m., 5 views

CVE-2026-25235

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

CVSS 8.2, AI score 5.3, EPSS 0.0025
Exploits 0, References 1
Tenable Nessus
added 2026/02/04 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-25235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess...

CVSS 8.2, AI score 5.4, EPSS 0.0025
Exploits 0, References 2
NVD
added 2026/02/03 7:16 p.m., 7 views

CVE-2026-25235

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

CVSS 8.2, EPSS 0.0025
Exploits 0, References 1
UbuntuCve
added 2026/02/03 7:16 p.m., 2 views

CVE-2026-25235

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

CVSS 8.2, AI score 5.3, EPSS 0.0025
Exploits 0, References 2