Lucene search
+L

44 matches found

NVD
NVD
added yesterday9 views

CVE-2026-59695

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2026-59695

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS5.5AI score
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-59695 Unbounded max_fee_per_gas in mpp Tempo fee-payer enables single-request wallet drain

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS5.5AI score
Exploits0References4
CVE
CVE
added yesterday17 views

CVE-2026-59695

Vulnerability summary (CVE-2026-59695). The ZenHive mpp Elixir library, when configured as a fee payer (fee_payer: true), is vulnerable to an unauthenticated remote client that can drain the fee-payer wallet in a single request. The root cause is improper validation in MPP.Tempo.Transaction.cosig...

8.3CVSS5.5AI score
Exploits0References4
Cvelist
Cvelist
added yesterday24 views

CVE-2026-59695 Unbounded max_fee_per_gas in mpp Tempo fee-payer enables single-request wallet drain

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-22951

Malicious code in bioql PyPI...

6.9CVSS6.5AI score0.0055EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/30 8:40 p.m.12 views

CVE-2025-54427

Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...

6.9CVSS7AI score0.0055EPSS
Exploits0References1
NVD
NVD
added 2025/07/28 9:15 p.m.6 views

CVE-2025-54427

Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...

6.9CVSS0.0055EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/28 8:20 p.m.2 views

CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price

Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...

6.9CVSS6.4AI score0.0055EPSS
Exploits0References3
CVE
CVE
added 2025/07/28 8:20 p.m.17 views

CVE-2025-54427

CVE-2025-54427 (Polkadot Frontier) : The vulnerability affects Polkadot Frontier’s note_min_gas_price_target intrinsic. Before commit a754b3d, the check_inherent function was not implemented, allowing the block producer to set the target gas price without verification. This input drives MinGasPri...

6.9CVSS6.4AI score0.0055EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/28 8:20 p.m.13 views

CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price

Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...

6.9CVSS0.0055EPSS
Exploits0References3
OSV
OSV
added 2025/07/28 8:20 p.m.5 views

CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price

Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...

6.9CVSS6.7AI score0.0055EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/28 12:0 a.m.6 views

PT-2025-31152 · Parity Technologies · Polkadot Frontier

Name of the Vulnerable Software and Affected Versions: Polkadot Frontier versions prior to a754b3d Description: Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The note min gas price target extrinsic is an inherent extrinsic, callable only by the block...

6.9CVSS6.3AI score0.0055EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/07/28 12:0 a.m.4 views

Polkadot Frontier 代码问题漏洞

Polkadot Frontier is a Polkadot EVM open source application that provides an Ether VM compatibility layer. A code issue vulnerability exists in previous versions of Polkadot Frontier a754b3d that stems from an unimplemented checkinherent function of notemingaspricetarget, which could lead to Gas...

6.9CVSS6.7AI score0.0055EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2025/06/09 12:0 a.m.4 views

Unraveling Ethereum'S Mempool: the Impact of Fee Fairness, Transaction Prioritization, and Consensus Efficiency

Ethereum's transaction pool mempool dynamics and fee market efficiency critically affect transaction inclusion, validator workload, and overall network performance. This research empirically analyzes gas price variations, mempool clearance rates, and block finalization times in Ethereum's...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 11:53 p.m.12 views

CVE-2022-23327

A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service DoS...

7.5CVSS6.6AI score0.0134EPSS
Exploits1References1
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.7 views

Front-Running Vulnerability: Exploiting Reward Updates for Maximized Payouts

Lines of code Vulnerability details Impact Malicious users claim rewards at a higher rate than what was intended by front-running governance actions meant to reduce rewards. This allows them to claim rewards at a higher rate than what was intended, undermining the protocol's intended economic...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/10/04 12:0 a.m.7 views

anyone with valid token address can create DOS for accrueInterest() in prime.sol

Lines of code Vulnerability details Impact anyone or attacker with valid token address can create DOSdenial of service for accrueInterest and functions using accrueInterest in prime.sol Proof of Concept a function accrueTokens in PrimeLiquidityProvider.sol has visibility pubic,it means anyone can...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/21 12:0 a.m.10 views

Auctions run at significantly different speeds for different prize tiers

Lines of code Vulnerability details Comments The V5 implementation delegates the task of claiming prizes to a network of claimers. The fees received by a claimer are calculated based on a dutch auction and limited based on the prize size of the highest tier the smallest prize. As a result, it is...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.51 views

SETTING block.timestamp AS THE DEADLINE COULD LEAD TO HIGHER RATE OF FAILED TRANSACTIONS

Lines of code Vulnerability details Impact The OptionsPositionManager.swapExactTokensForTokens function is used to swap assets for exact assets. Here the exact amount of source token is swapped for an amount of target token. The function uses the IUniswapV2Router01.swapExactTokensForTokens call f...

7.2AI score
Exploits0
Rows per page
Query Builder