Lucene search
K

182 matches found

CVE
CVE
added 2026/05/08 3:6 p.m.11 views

CVE-2026-41585

ZEBRA’s JSON-RPC HTTP middleware is vulnerable to Denial of Service via interrupted requests. Affected: zebrad 2.2.0–<4.3.1 and zebra-rpc 1.0.0-beta.45–

6.9CVSS5.8AI score0.00257EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2026/05/08 3:5 p.m.8 views

EUVD-2026-28654

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...

9.2CVSS5.7AI score0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 3:5 p.m.17 views

CVE-2026-41584

ZEBRA (the Zebra node implementation for Zcash) is affected by CVE-2026-41584 due to the rk field in Orchard transactions. Prior to zebrad 4.3.1 and zebra-chain 6.0.2, an identity value for rk (the randomized validating key and elliptic-curve point) could trigger a panic in the orchard crate used...

9.2CVSS5.7AI score0.00268EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.17 views

PT-2026-38392

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description A sandbox escape allows sandboxed code to crash the host Node.js process. This occurs when a Promise constructor triggers an unhandled rejection that propagates to the host. Specifically, when sandboxed...

8.6CVSS5.9AI score0.00448EPSS
Exploits1References9
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/29 5:26 p.m.5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar Vulnerability Details CVEID:CVE-2024-52980 DESCRIPTION: A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cau...

6.5CVSS5.3AI score0.00467EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.12 views

PT-2026-35030

Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.25.7 Description A circular block reference within % layout % and % block % tags can trigger an infinite recursive loop. This occurs in the getBlockRender function within src/tags/block.ts during OUTPUT mode; when...

7.5CVSS5.8AI score0.00382EPSS
Exploits1References9
NVD
NVD
added 2026/04/22 8:16 p.m.8 views

CVE-2026-34064

nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, VestingContract::canchangebalance returns AccountError::InsufficientFunds when newbalance balance, the node crashes while trying to return an error. The mincap balance precondition is...

8.2CVSS0.00275EPSS
Exploits0References4
CVE
CVE
added 2026/04/22 7:45 p.m.24 views

CVE-2026-34065

CVE-2026-34065 affects nimiq-primitives in Nimiq’s Rust implementation. Before version 1.3.0, an untrusted p2p peer could cause a node to panic by announcing an election macro block whose validators set includes an invalid compressed BLS voting key. Hashing the election macro header hashes the va...

7.5CVSS5.7AI score0.00372EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 7:45 p.m.6 views

CVE-2026-34065 nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals

nimiq-primitives contains primitives e.g., block, account, transaction to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashi...

7.5CVSS5.7AI score0.00372EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/22 7:40 p.m.29 views

CVE-2026-34063 network-libp2p: Peer can crash the node by opening discovery protocol substream twice

Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, network-libp2p discovery uses a libp2p ConnectionHandler state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if a remote peer...

7.5CVSS0.00352EPSS
Exploits0References4
CVE
CVE
added 2026/04/22 7:40 p.m.13 views

CVE-2026-34063

CVE-2026-34063 affects Nimiq’s network-libp2p prior to v1.3.0. The discovery mechanism assumes at most one inbound and one outbound substream per connection; if a remote peer opens the discovery protocol substream a second time, the libp2p ConnectionHandler may panic with “Inbound already connect...

7.5CVSS5.8AI score0.00352EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 7:19 p.m.11 views

nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals

Impact An untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashing an election macro header hashes validators and reaches Validators::votingkeys, which calls validator.votingkey.uncompress.unwrap...

7.5CVSS5.8AI score0.00372EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/04/22 7:18 p.m.7 views

EUVD-2026-25060

nimiq-account: Vesting insufficient funds error can panic...

5.3CVSS5.7AI score0.00275EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.3.0 contained a security vulnerability. This vulnerability stemmed from the network-libp2p library’s use of the libp2p ConnectionHandler state machine. This handler assumes that each connection...

7.5CVSS5.8AI score0.00352EPSS
Exploits0References1
OSV
OSV
added 2026/04/18 1:15 a.m.7 views

GHSA-29X4-R6JV-FF4W Zebra Vulnerable to Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients

A vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the request body is fully received. The node treats the failure to read the HTTP request body as an unrecoverable error and aborts the process instead of...

6.9CVSS5.7AI score0.00257EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/18 1:14 a.m.10 views

Zebra has rk Identity Point Panic in Transaction Verification

rk Identity Point Panic in Transaction Verification Summary Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero" value, however, the orchard crate which is used to verify...

9.2CVSS5.7AI score0.00268EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/04/10 11:54 a.m.7 views

SUSE-SU-2026:21167-1 Security update for cockpit-podman

This update for cockpit-podman fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process bsc1257836. - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive...

9.2CVSS5.8AI score0.00519EPSS
Exploits1References5
OSV
OSV
added 2026/04/10 11:54 a.m.8 views

SUSE-SU-2026:21023-1 Security update for cockpit-podman

This update for cockpit-podman fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process bsc1257836. - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive...

9.2CVSS6AI score0.00519EPSS
Exploits1References5
OSV
OSV
added 2026/04/10 11:33 a.m.3 views

OPENSUSE-SU-2026:20502-1 Security update for cockpit-podman

This update for cockpit-podman fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process bsc1257836. - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive...

9.2CVSS5.8AI score0.00519EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/07 5:6 p.m.3 views

CVE-2026-34211

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions...

7.5CVSS5.9AI score0.00395EPSS
Exploits1References1
Rows per page
Query Builder