Lucene search
+L

18 matches found

NVD
NVD
added 4 hours ago4 views

CVE-2026-59695

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS
Exploits0References4
NVD
NVD
added 4 hours ago4 views

CVE-2026-59694

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS
Exploits0References4
NVD
NVD
added 4 hours ago6 views

CVE-2026-59252

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...

8.2CVSS
Exploits0References4
Cvelist
Cvelist
added 5 hours ago10 views

CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...

8.2CVSS
Exploits0References4
CVE
CVE
added 5 hours ago10 views

CVE-2026-59252

The CVE-2026-59252 entry describes a missing gas_limit validation in ZenHive mpp when configured as a fee payer (fee_payer: true). The MPP.Methods.Tempo payment method co-signs and broadcasts a client-supplied EVM transaction without ensuring the client-supplied gas_limit is sufficient, allowing ...

8.2CVSS5.9AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 hours ago4 views

CVE-2026-59252

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...

8.2CVSS5.9AI score
Exploits0References5Affected Software1
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-45160

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...

8.2CVSS5.8AI score
Exploits0References4
Cvelist
Cvelist
added 5 hours ago10 views

CVE-2026-59694 Unbounded access list in mpp Tempo fee-payer inflates gas cost per payment

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS
Exploits0References4
CVE
CVE
added 5 hours ago8 views

CVE-2026-59694

CVE-2026-59694 affects ZenHive mpp (Elixir library) when configured as the fee payer. The issue occurs in MPP.Tempo.Transaction.cosign_fee_payer/3, which re-signs client-supplied base fields of the 0x76 AASigned envelope verbatim, including the EIP-2930 access list, without validating length or c...

8.3CVSS5.6AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 hours ago3 views

CVE-2026-59694

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS5.6AI score
Exploits0References5Affected Software1
CVE
CVE
added 5 hours ago12 views

CVE-2026-59695

Vulnerability summary (CVE-2026-59695). The ZenHive mpp Elixir library, when configured as a fee payer (fee_payer: true), is vulnerable to an unauthenticated remote client that can drain the fee-payer wallet in a single request. The root cause is improper validation in MPP.Tempo.Transaction.cosig...

8.3CVSS5.5AI score
Exploits0References4
Cvelist
Cvelist
added 5 hours ago10 views

CVE-2026-59695 Unbounded max_fee_per_gas in mpp Tempo fee-payer enables single-request wallet drain

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 hours ago4 views

CVE-2026-59695

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS5.5AI score
Exploits0References5Affected Software1
EUVD
EUVD
added 5 hours ago5 views

EUVD-2026-45158

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS5.5AI score
Exploits0References4
OSV
OSV
added 2026/03/29 3:20 p.m.7 views

GHSA-FXC9-7J2W-VX54 mpp has multiple payment bypass and griefing vulnerabilities

Impact Multiple vulnerabilities were discovered which allowed for undesirable behaviors, including: - Performing free tempo/charge requests - Replaying existing tempo/charge requests - Performing free tempo/session requests - Piggybacking off existing tempo/session channels - Griefing existing...

9.3CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/29 3:20 p.m.10 views

mpp has multiple payment bypass and griefing vulnerabilities

Impact Multiple vulnerabilities were discovered which allowed for undesirable behaviors, including: - Performing free tempo/charge requests - Replaying existing tempo/charge requests - Performing free tempo/session requests - Piggybacking off existing tempo/session channels - Griefing existing...

5.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/12 2:50 p.m.5 views

GHSA-X442-M7CC-HR92 kora-lib: Unrecognized Instruction Types Create Empty Stubs That Bypass Fee Payer Policy

Summary When inner CPI instructions use instruction types not recognized by Kora's parser including Token-2022 extension instructions like ConfidentialTransfer, TransferFeeExtension::WithdrawWithheldTokens, etc., they are reconstructed as stub instructions with empty accounts and empty data. Thes...

6.9CVSS6AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/12 2:50 p.m.7 views

kora-lib: Unrecognized Instruction Types Create Empty Stubs That Bypass Fee Payer Policy

Summary When inner CPI instructions use instruction types not recognized by Kora's parser including Token-2022 extension instructions like ConfidentialTransfer, TransferFeeExtension::WithdrawWithheldTokens, etc., they are reconstructed as stub instructions with empty accounts and empty data. Thes...

5.9AI score
Exploits0References2Affected Software1
Rows per page
Query Builder