22 matches found
CVE-2026-26314
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shut down/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth...
CVE-2021-41272
Besu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32 bit signed integers. Smart contracts that ask for...
EUVD-2020-19336
Malware in sbrugna...
EUVD-2022-6683
Malicious code in bioql PyPI...
EUVD-2021-28308
Malicious code in bioql PyPI...
CVE-2020-26800
A stack overflow vulnerability in Aleth Ethereum C++ client version = 1.8.0 using a specially crafted config.json file may result in a denial of service...
[Medium - 1] Ecrecover precompile doesn't behave the same as the one from Ethereum
Lines of code. Vulnerability details. Impact: According to the Ethereum yellow paper and in the specifications of the ecrecover precompile, it is stated that if the ecrecover doesn't return anything denoted by ∅, then the return should be 0 as well. If we take a look at the current ecrecover...
CVE-2022-36025
Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in...
CVE-2022-36025 Incorrect Conversion between Numeric Types in Besu Ethereum Client
Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in...
Type confusion
Besu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32 bit signed integers. Smart contracts that ask for...
CVE-2021-21369
Hyperledger Besu (Java) prior to v1.5.1 is affected by a denial‑of‑service in the HTTP JSON‑RPC API when HTTP auth is enabled. The vulnerability arises because a login step to obtain a JWT is required before API calls, and an attacker can overload the login endpoint with invalid passwords. Passwo...
Parity Browser Security Vulnerability
Parity Browser is a lightweight and fast Ethereum programming language client. A security vulnerability exists in Parity Browser version 1.6.10 and earlier. A remote attacker can exploit this vulnerability to obtain sensitive information by requesting other websites with the help of a parity bit...
CVE-2017-14460
An exploitable overly permissive cross-domain CORS whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability...
Paritytech Parity Bypass Homology Policy Vulnerability
Parity Browser is a lightweight and fast Ethereum programming language client. A security vulnerability exists in Parity Browser version 1.6.10 and earlier. A remote attacker can exploit this vulnerability to obtain sensitive information by requesting other websites with the help of a parity bit...
CPP-Ethereum JSON-RPC Security Bypass Vulnerability
CPP-Ethereum is a C++ client for Ethereum Application Programming Platform. JSON-RPC is one of the remote invocation services using JSON as the protocol. A security bypass vulnerability exists in the admin_addPeer API for JSON-RPC in CPP-Ethereum commit version...
CPP-Ethereum JSON-RPC admin_addPeer Authorization Bypass Vulnerability(CVE-2017-12112)
Summary: An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...
CPP-Ethereum JSON-RPC Incorrect Authorization Vulnerability (CNVD-2018-02796)
CPP-Ethereum is a C++ client for Ethereum Application Programming Platform. JSON-RPC is one of the remote invocation services using JSON as the protocol. An incorrect authorization vulnerability exists in the admin_peers API for JSON-RPC in CPP-Ethereum commit version...
CPP-Ethereum JSON-RPC Incorrect Authorization Vulnerability (CNVD-2018-02799)
CPP-Ethereum is a C++ client for Ethereum Application Programming Platform. JSON-RPC is one of the remote invocation services using JSON as the protocol. An incorrect authorization vulnerability exists in the miner_start API for JSON-RPC in CPP-Ethereum commit version...
CPP-Ethereum JSON-RPC Incorrect Authorization Vulnerability (CNVD-2018-02800)
CPP-Ethereum is a C++ client for Ethereum Application Programming Platform. JSON-RPC is one of the remote invocation services using JSON as the protocol. An incorrect authorization vulnerability exists in the miner_stop API for JSON-RPC in CPP-Ethereum commit version...