538 matches found
nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals
Impact An untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashing an election macro header hashes validators and reaches Validators::votingkeys, which calls validator.votingkey.uncompress.unwrap...
Nimiq 安全漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.3.0 contained a security vulnerability. This vulnerability stemmed from the fact that untrusted peer devices in nimiq-primitives could declare election macroblocks whose validators contained...
PT-2026-34546
Impact An untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashing an election macro header hashes validators and reaches Validators::voting keys, which calls validator.voting key.uncompress.unwr...
CVE-2026-34061
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest...
PT-2026-30786
My fellow Hungarians! I guarantee the integrity of the parliamentary elections on April 12, and that I will not exploit the zero-day vulnerability codenamed “VLAN Ghost Injection Vulnerability” CVE-2026-39011, as suggested by the Russian GRU agency! https://t.co/JaV7pRMngc...
CVE-2026-34061
The CVE concerns nimiq/core-rs-albatross (Rust implementation of Nimiq PoS with Albatross). Before v1.3.0, an elected validator proposer could issue an election macro block whose header.interlink did not match the canonical next interlink. Honest validators accepted the proposal in verify_macro_b...
CVE-2026-34061 nimiq/core-rs-albatross: Macro block proposal interlink bug
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest...
CVE-2026-34061
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest...
EUVD-2026-18895
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest...
CVE-2026-34061 nimiq/core-rs-albatross: Macro block proposal interlink bug
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest...
core-rs-albatross 数据伪造问题漏洞
core-rs-albatross is a Rust implementation of the Albatross protocol developed by Nimiq. Versions prior to 1.3.0 of core-rs-albatross had a data manipulation vulnerability. This vulnerability stemmed from the lack of checking the interlink bindings of election macroblocks, which could lead to the...
PT-2026-30254
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest...
eLection SQL注入漏洞
eLection is an election content management system developed by fauzantrif. Version 2.0 of eLection has a SQL injection vulnerability; this vulnerability stems from the lack of parameter id validation in the candidate management endpoint, which may lead to SQL injection attacks...
CVE-2020-37154
CVE-2020-37154 affects eLection 2.0, with an authenticated SQL injection in the candidate management endpoint. The vulnerability allows manipulation of database queries through the 'id' parameter and can be leveraged with SQLMap; authorship notes suggest potential remote code execution via upload...
CVE-2020-37154
eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploadi...
CVE-2020-37154 eLection 2.0 - 'id' SQL Injection
eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploadi...
CVE-2026-25235
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...
Linux Distros Unpatched Vulnerability : CVE-2026-25235
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess...
CVE-2026-25235
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...
CVE-2026-25235
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...