16 matches found
EUVD-2018-0118
Malware in sbrugna...
EUVD-2025-0067
Malicious code in bioql PyPI...
EUVD-2025-19827
Malicious code in bioql PyPI...
CVE-2025-44148
CVE-2025-44148 affects MailEnable before v10 and is a Cross-Site Scripting (XSS) vulnerability in the failure.aspx component. The connected technical details describe that an attacker can cause the execution of arbitrary JavaScript in the victim’s browser, potentially leading to session hijacking...
Cosmos EVM Allows Partial Precompile State Writes
Impact: Setting lower EVM call gas allows users to partially execute precompiles and error at specific points in the precompile code without reverting the partially written state. If executed on the distribution precompile when claiming funds, it could cause funds to be transferred to a user witho...
CVE-2025-24355
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...
Vyper Does Not Check the Success of Certain Precompile Calls
Summary: When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be...
Code Execution
Send is vulnerable to untrusted code execution. The vulnerability is due to the failure to properly validate or sanitize user input before passing it to SendStream.redirect, which allows an attacker to execute arbitrary code on the server...
Actions can stuck in Queued state
Lines of code Vulnerability details Impact According to current login - if action is in a Queued state, everyone may execute that action function executeActionActionInfo calldata actionInfo external payable is external without any modifier. When execution of action fails, it, however, is not bein...
Py-EVM is vulnerable to arbitrary bytecode injection
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.executebytecode call that triggers computation.stack.values with '"stack": 100, 100, 0' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed...
CVE-2018-18920
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.executebytecode call that triggers computation.stack.values with '"stack": 100, 100, 0' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed...
Design/Logic Flaw
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.executebytecode call that triggers computation.stack.values with '"stack": 100, 100, 0' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed...
CVE-2018-18920
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.executebytecode call that triggers computation.stack.values with '"stack": 100, 100, 0' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed...
CVE-2018-18920
CVE-2018-18920 concerns Py-EVM v0.2.0-alpha.33, where a crafted vm.execute_bytecode call can manipulate computation._stack.values (e.g., "stack": [100, 100, 0]) in a way that expects a certain byte (b'\x') and results in an invalid opcode, causing execution failure. The description ties this to a...
PT-2017-9030 · Chicken +1
Name of the Vulnerable Software and Affected Versions: CHICKEN versions prior to 4.12 Description: The issue arises from the process-execute and process-spawn procedures not freeing memory correctly when the execve call fails, leading to a memory leak. This could be exploited by an attacker to...
Cross Site Scripting DOS (Zyxel B-420 Ethernet Bridge)
If the following URL is passed to a B-420 Ethernet Bridge, it restarts. http://IP/Forms/rpAuth1?ZyXEL20ZyWALL20Seriesscripttop.location.pathname = ""/script If this is repeated once more, it no longer restarts but simply hangs, that is, it stops accepting requests and must...