12 matches found
EUVD-2025-28073
Malicious code in bioql PyPI...
CVE-2025-46834
Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys scoped external keys to external parties and would use the...
CVE-2025-46834
Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys scoped external keys to external parties and would use the...
CVE-2025-46834 Alchemy's Modular Account can use executeUserOp to bypass allowlist prevalidation hook
Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys scoped external keys to external parties and would use the...
CVE-2025-46834 Alchemy's Modular Account can use executeUserOp to bypass allowlist prevalidation hook
Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys scoped external keys to external parties and would use the...
CVE-2025-46834
Summary: CVE-2025-46834 concerns Alchemy’s Modular Account (2.x branch) prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, where the allowlist module fails to check the path from executeUserOp to execute or executeBatch. This gap permits any session key to bypass access controls and access...
CVE-2025-46834 Alchemy's Modular Account can use executeUserOp to bypass allowlist prevalidation hook
Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys scoped external keys to external parties and would use the...
PT-2025-21362 · Unknown · Modular Account De Alchemy
Name of the Vulnerable Software and Affected Versions: Modular Account de Alchemy versions prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0 Description: The issue concerns a bug in the allowlist module of Modular Account de Alchemy, which is compatible with ERC-4337 and ERC-6900. This bug...
Modular Account 安全漏洞
Modular Account is an open source application from Alchemy. A security vulnerability exists in Modular Account that stems from the allowlist module not checking the executeUserOp path, which could lead to bypassing access control restrictions...
GHSA-WFM2-RQ5G-F8V5 @account-kit/smart-contracts Allowlist Module Bypass Vulnerability
Summary Allowlist module contains a bypass vulnerability Details The logic for using an allowlist on a Modular Account V2 contained a bug that allowed session keys to bypass any allowlist configuration Action If you are using @aa-sdk and/or @account-kit/smart-contracts between the versions of...
@account-kit/smart-contracts Allowlist Module Bypass Vulnerability
Summary Allowlist module contains a bypass vulnerability Details The logic for using an allowlist on a Modular Account V2 contained a bug that allowed session keys to bypass any allowlist configuration Action If you are using @aa-sdk and/or @account-kit/smart-contracts between the versions of...
PT-2025-19429 · Npm · @Account-Kit/Smart-Contracts
Summary Allowlist module contains a bypass vulnerability Details The logic for using an allowlist on a Modular Account V2 contained a bug that allowed session keys to bypass any allowlist configuration Action If you are using @aa-sdk and/or @account-kit/smart-contracts between the versions of...