
28 matches found

CNNVD
added 2026/06/10 12:0 a.m. | 15 views

Nimiq data forgery vulnerability

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 had a data manipulation vulnerability. This vulnerability stems from a logical flaw in the BlockInclusionProof::is_block_proven function, causing it to return true without performing any...

5.9 CVSS | 5.2 AI score | 0.0015 EPSS
Exploits 0 | References 2

Vulnrichment
added 2026/06/09 11:44 p.m. | 8 views

CVE-2026-46539 nimiq-primitives: BlockInclusionProof interlink issue when hops are empty

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven causes the function to return true without performing any cryptographic verification when get_interlink_hops...

5.9 CVSS | 5.4 AI score | 0.0015 EPSS
Exploits 0 | References 3

Cvelist
added 2026/06/09 11:44 p.m. | 32 views

CVE-2026-46539 nimiq-primitives: BlockInclusionProof interlink issue when hops are empty

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven causes the function to return true without performing any cryptographic verification when get_interlink_hops...

5.9 CVSS | 0.0015 EPSS
Exploits 0 | References 3

CVE
added 2026/06/09 11:44 p.m. | 19 views

CVE-2026-46539

CVE-2026-46539 affects Nimiq (Rust, Albatross-based PoS). Prior to 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven returns true without cryptographic verification when get_interlink_hops yields an empty hop list, specifically for the target block at the election block position immedia...

5.9 CVSS | 5.4 AI score | 0.0015 EPSS
Exploits 0 | References 3

OSV
added 2026/05/21 7:38 p.m. | 11 views

GHSA-799F-29JM-GR6C nimiq-primitives: BlockInclusionProof interlink issue when hops are empty

Impact: A logic flaw in BlockInclusionProof::is_block_proven causes the function to return true without performing any cryptographic verification when get_interlink_hops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election...

5.9 CVSS | 5.8 AI score | 0.0015 EPSS
Exploits 0 | References 6

Github Security Blog
added 2026/05/21 7:38 p.m. | 11 views

nimiq-primitives: BlockInclusionProof interlink issue when hops are empty

Impact: A logic flaw in BlockInclusionProof::is_block_proven causes the function to return true without performing any cryptographic verification when get_interlink_hops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election...

5.9 CVSS | 5.8 AI score | 0.0015 EPSS
Exploits 0 | References 6 | Affected Software 1

Positive Technologies
added 2026/05/21 12:0 a.m. | 11 views

PT-2026-42669

Name of the Vulnerable Software and Affected Versions: Nimiq versions prior to 1.4.0. Description: A logic flaw in the is_block_proven function within BlockInclusionProof allows the function to return true without performing cryptographic verification when get_interlink_hops returns an empty hop lis...

5.9 CVSS | 5.5 AI score | 0.0015 EPSS
Exploits 0 | References 7

Positive Technologies
added 2026/05/21 12:0 a.m. | 10 views

PT-2026-42602

Impact: A logic flaw in BlockInclusionProof::is_block_proven causes the function to return true without performing any cryptographic verification when get_interlink_hops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election...

5.9 CVSS | 5.8 AI score
Exploits 0 | References 6

CVE
added 2026/04/25 8:46 a.m. | 13 views

CVE-2026-31674

The CVE-2026-31674 issue affects the Linux kernel netfilter ip6t_rt module, where processing IPv6 routing header (RT) match rules can overflow addrnr if it exceeds IP6T_RT_HOPS. The root cause is rt_mt6() using addrnr outside rtinfo->addrs[] bounds. A patch added validation of addrnr during ru...

7.1 CVSS | 5.3 AI score | 0.00117 EPSS
Exploits 0 | References 8 | Affected Software 1

Snyk
added 2026/03/26 9:42 p.m. | 8 views

User Impersonation

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to User Impersonation via the gateway.trustedProxies process. An attacker can impersonate the client origin by sending spoofed loopback hops in forwarding headers, which may weaken downstrea...

6.5 CVSS | 5.9 AI score | 0.00314 EPSS
Exploits 0 | References 2

Github Security Blog
added 2026/03/26 9:42 p.m. | 5 views

OpenClaw: Forwarding header spoofing bypasses gateway.trustedProxies origin detection

Summary: When gateway.trustedProxies was configured, spoofed loopback hops in forwarding headers could be accepted as the client origin and weaken downstream auth and rate-limit decisions. Affected Packages / Versions: - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked:...

6.5 CVSS | 5.8 AI score | 0.00314 EPSS
Exploits 0 | References 6 | Affected Software 1

Snyk
added 2026/03/03 5:14 a.m. | 4 views

Malicious Package

Overview: hops-preset-jest is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 5.9 AI score
Exploits 0 | References 2

OSSF Malicious Packages
added 2026/02/15 3:57 p.m. | 6 views

Malicious code in hops-preset-jest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8165500e6c415192d0b46d0e106f29fb3ae49fce7538b2da40a9e398998c087d The package hops-preset-jest was found to contain malicious code. Source: ghsa-malware d1e4e88ca9b17e3778d9b7f4aa3d9cb2a94cc7ac234505750c84264eb43440...

5.9 AI score
Exploits 0 | References 1

OSV
added 2026/02/15 3:57 p.m. | 5 views

MAL-2026-908 Malicious code in hops-preset-jest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8165500e6c415192d0b46d0e106f29fb3ae49fce7538b2da40a9e398998c087d The package hops-preset-jest was found to contain malicious code. Source: ghsa-malware d1e4e88ca9b17e3778d9b7f4aa3d9cb2a94cc7ac234505750c84264eb43440...

5.9 AI score
Exploits 0 | References 1

Packet Storm News
added 2025/09/07 12:0 a.m. | 3 views

Schrodinger's Toolbox: Exploring the Quantum Rowhammer Attack

Residual cross-talk in superconducting qubit devices creates a security vulnerability for emerging quantum cloud services. We demonstrate a Clifford-only Quantum Rowhammer attack, using just X and CNOT gates, that injects faults on IBM's 127-qubit Eagle processors without requiring pulse-level...

7 AI score
Exploits 0

OSV
added 2024/01/31 10:36 a.m. | 3 views

CLSA-2024-1706697415 squid: Fix of CVE-2023-50269

CVE-2023-50269: Limit the number of allowed X-Forwarded-For hops to prevent DoS...

8.6 CVSS | 7.2 AI score | 0.57627 EPSS
Exploits 0 | References 1

OSV
added 2024/01/23 4:35 p.m. | 3 views

CLSA-2024-1706027727 squid: Fix of CVE-2023-50269

CVE-2023-50269: Limit the number of allowed X-Forwarded-For hops to prevent DoS...

8.6 CVSS | 7.2 AI score | 0.57627 EPSS
Exploits 0 | References 1

OSV
added 2024/01/23 4:33 p.m. | 3 views

CLSA-2024-1706027577 squid34: Fix of CVE-2023-50269

CVE-2023-50269: Limit the number of allowed X-Forwarded-For hops to prevent DoS...

8.6 CVSS | 7.2 AI score | 0.57627 EPSS
Exploits 0 | References 1

OSV
added 2024/01/23 4:22 p.m. | 4 views

CLSA-2024-1706026919 Fix CVE(s): CVE-2023-50269

SECURITY UPDATE: Denial of Service in HTTP Request parsing - debian/patches/CVE-2023-50269.patch: Limit the number of allowed X-Forwarded-For hops - CVE-2023-50269...

8.6 CVSS | 7.2 AI score | 0.57627 EPSS
Exploits 0 | References 1

OSV
added 2024/01/23 4:18 p.m. | 2 views

CLSA-2024-1706026686 Fix CVE(s): CVE-2023-50269

SECURITY UPDATE: Denial of Service in HTTP Request parsing - debian/patches/CVE-2023-50269.patch: Limit the number of allowed X-Forwarded-For hops - CVE-2023-50269...

8.6 CVSS | 7.2 AI score | 0.57627 EPSS
Exploits 0 | References 1