54 matches found
CVE-2026-52785
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a SQL injection in timestamps functionality. OpenProject baseline comparison allows callers to request historic work-package attributes using the timestamps parameter. This vulnerability is fix...
CVE-2026-52785
OpenProject prior to versions 17.3.3 and 17.4.1 contains a SQL injection in the timestamps functionality. The vulnerability is tied to the baseline comparison feature, where the timestamps parameter can be used to request historic work-package attributes. The issue is fixed in 17.3.3 and 17.4.1. ...
CVE-2026-46673 Russh: Unchecked CryptoVec allocation and growth handling is reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases
Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...
CVE-2026-34066
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, HistoryStore::put_historic_txns uses an assert! to enforce invariants about HistoricTransaction.block_number (it must be within the macro block being pushed and within the same epoch). During histo...
CVE-2026-34066
The CVE affects the nimiq-blockchain Rust implementation. Before v1.3.0, HistoryStore::put_historic_txns asserts invariants on HistoricTransaction.block_number (must be within the macro block and same epoch). During history sync, a peer can influence the history input to Blockchain::push_history_...
CVE-2026-34066 nimiq-blockchain: Peer-triggerable panic during history sync
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, HistoryStore::put_historic_txns uses an assert! to enforce invariants about HistoricTransaction.block_number (it must be within the macro block being pushed and within the same epoch). During histo...
nimiq-blockchain: Peer-triggerable panic during history sync
Impact: HistoryStore::put_historic_txns uses an assert! to enforce invariants about HistoricTransaction.block_number (it must be within the macro block being pushed and within the same epoch). During history sync, a peer can influence the history: &HistoricTransaction input passed into...
PT-2026-34547
Impact: HistoryStore::put_historic_txns uses an assert! to enforce invariants about HistoricTransaction.block_number (it must be within the macro block being pushed and within the same epoch). During history sync, a peer can influence the history: &HistoricTransaction input passed into Blockchain::push...
EUVD-2025-104679
Malicious code in historicleopardz3n npm...
EUVD-2025-104678
Malicious code in historicorangutanz3n npm...
EUVD-2025-104680
Malicious code in historichawkz3n npm...
EUVD-2025-69947
Malicious code in historiczebraz3n npm...
Malicious code in historic_crow_z3n (npm)
Source: amazon-inspector 4f0c4792eb71f79f9f9a54b031b33639be8f958bfd4cc7869cba10824c19c920 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-85637
Malicious code in historicsilkwormz3n npm...
Malicious code in historic-bronze-lemur (npm)
Source: amazon-inspector aabd8d9cf5d7430faceb14e627350d0e936a225d57e2442d7d068121fadb9bb0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in historic-purple-bat (npm)
Source: amazon-inspector abd4f6743c8f2eeb19d293a0518149d120c3145785ed8b89d8463d6f4766c508 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-53965
Malicious code in historic-purple-bat npm...
EUVD-2025-53966
Malicious code in historic-bronze-lemur npm...
Malicious code in historic_catshark_z3n (npm)
Source: amazon-inspector 4476c6ab97f99ce8b3fcf0d4ec1f008c5034a25559e82ae24e47a5bb0cb48e16 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...