Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

31 matches found

EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2023-0264

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00097EPSS
Exploits1References5
OSV
OSVadded 2025/01/14 6:16 p.m.1 views

PYSEC-2025-33

Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall executi...

7.5CVSS6AI score0.00776EPSS
Exploits1References2
PyPA
PyPAadded 2025/01/14 6:16 p.m.6 views

PYSEC-2025-33

Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall executi...

7.5CVSS7.2AI score0.00776EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2025/01/14 4:34 p.m.1 views

GHSA-VGF2-GVX8-XWC3 Vyper Does Not Check the Success of Certain Precompile Calls

Summary When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be...

2.3CVSS6.3AI score0.00776EPSS
Exploits1References6
Github Security Blog
Github Security Blogadded 2025/01/14 4:34 p.m.13 views

Vyper Does Not Check the Success of Certain Precompile Calls

Summary When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be...

7.5CVSS6.7AI score0.00776EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologiesadded 2025/01/14 12:0 a.m.2 views

PT-2025-4296 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.2.0 through 0.4.0 Description: The Vyper Compiler has a vulnerability when using the precompiles EcRecover 0x1 and Identity 0x4, where the success flag of the call is not checked. This allows an attacker to provide a specific...

7.5CVSS6.9AI score0.00776EPSS
Exploits1References11
CNNVD
CNNVDadded 2025/01/14 12:0 a.m.3 views

Vyper 安全漏洞

Vyper is a Pythonic smart contract language for EVM open sourced by vyperlang. A security vulnerability exists in Vyper 0.4.0 and earlier versions, which stems from the compiler failing to check the success flag of a call when using pre-compiled EcRecover and Identity, which could lead to incorre...

7.5CVSS6.4AI score0.00776EPSS
Exploits1References5
Code423n4
Code423n4added 2023/11/10 12:0 a.m.59 views

Signature malleability can occur by using EVM's ecrecover

Lines of code Vulnerability details Impact EVM's ecrecover is susceptible to signature malleability which allows replay attacks, check this. Proof of Concept OffChainSignatureValidator in its function isValidSignature checks for signature validity by using vulnerable method of ecrecover. address...

7.1AI score
Exploits0
NVD
NVDadded 2023/07/25 9:15 p.m.10 views

CVE-2023-37902

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5.3CVSS5.3AI score0.00097EPSS
Exploits1References2
Prion
Prionadded 2023/07/25 9:15 p.m.23 views

Design/Logic Flaw

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5CVSS5.3AI score0.00097EPSS
Exploits1References2Affected Software1
PyPA
PyPAadded 2023/07/25 9:15 p.m.6 views

PYSEC-2023-133

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5.3CVSS7.1AI score0.00097EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2023/07/25 9:15 p.m.13 views

PYSEC-2023-133

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5.3CVSS6.9AI score0.00097EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2023/07/25 8:5 p.m.11 views

CVE-2023-37902 Vyper's ecrecover can return undefined data if signature does not verify

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5.3CVSS5.3AI score0.00097EPSS
Exploits1References2
OSV
OSVadded 2023/07/25 8:5 p.m.11 views

CVE-2023-37902 Vyper's ecrecover can return undefined data if signature does not verify

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5.3CVSS5.5AI score0.00097EPSS
Exploits1References4
OSV
OSVadded 2023/07/25 5:46 p.m.2 views

GHSA-F5X6-7QGP-JHF3 ecrecover can return undefined data if signature does not verify

Impact the ecrecover precompile does not fill the output buffer if the signature does not verify, see https://github.com/ethereum/go-ethereum/blob/b058cf454b3bdc7e770e2b3cec83a0bcb48f55ee/core/vm/contracts.goL188. however, the ecrecover builtin will still return whatever is at memory location 0...

6.9CVSS6.1AI score0.00097EPSS
Exploits1References5
Github Security Blog
Github Security Blogadded 2023/07/25 5:46 p.m.30 views

ecrecover can return undefined data if signature does not verify

Impact the ecrecover precompile does not fill the output buffer if the signature does not verify, see https://github.com/ethereum/go-ethereum/blob/b058cf454b3bdc7e770e2b3cec83a0bcb48f55ee/core/vm/contracts.goL188. however, the ecrecover builtin will still return whatever is at memory location 0...

5.3CVSS5.4AI score0.00097EPSS
Exploits1References5Affected Software1
CNNVD
CNNVDadded 2023/07/25 12:0 a.m.2 views

Vyper 安全漏洞

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions prior to 0.3.10 that stems from allowing ecrecover to return undefined data for invalid signatures...

5.3CVSS5.6AI score0.00097EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2023/07/25 12:0 a.m.2 views

PT-2023-26172 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.10 Description: The ecrecover precompile in Vyper does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means that...

6.9CVSS5.2AI score0.00097EPSS
Exploits1References9
Code423n4
Code423n4added 2023/06/14 12:0 a.m.8 views

ecrecover function is vulnerable to signature malleability

Lines of code Vulnerability details Impact Signature malleability potential exists which can be carried out by malicious actor to have two or more signatures that recover signer of same message. ecrecover function can be used to recover address by having signature and signed message hash to which...

6.8AI score
Exploits0
Code423n4
Code423n4added 2023/06/09 12:0 a.m.8 views

Lack of Event Signature Verification

Lines of code Vulnerability details Impact The functions submitExchangeRateData, submitSDPrice, and submitValidatorStats emit events without verifying the signature of the calling contract. Malicious contracts can exploit this by emitting events with misleading information, potentially deceiving...

6.9AI score
Exploits0
Rows per page
Query Builder