MAL-2026-4583 Malicious code in ignite-market-contractstest (npm)
Source: amazon-inspector (b9babd9b088785649368dbf885050b6a15b218a6b38d2dcd058f0c9eda5109da). package.json declares a preinstall lifecycle hook that runs wget --quiet...
EUVD-2022-24565
Malicious code in bioql PyPI...
CVE-2022-1228
The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its "Referer address" field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
MAL-2025-214 Malicious code in opensea-developer-docs (npm)
Source: ghsa-malware (692ba66619407967d692be9c0e70b5b297806cf1e398766ee1556657af6feba1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9136 Malicious code in buy-sell-opensea-sdk-demo (npm)
Source: ghsa-malware (387f6a252dc97ef83ae3456d6a7d81fa5f49202e6cd416597e3d07d7317ae014). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10060 Malicious code in opemsea (PyPI)
Source: kam193 (bc39cb336ad6dd3db63ed315a6baf147f46f2c3f7bfd372c34718a1fcb815700). Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: funcaptcha-ru. Reasons based on the campaign: infostealer...
Malicious code in openasea (PyPI)
Source: kam193 (8b341e2f737b2cdad14b88c66ceb936b962e81fc63fec719b11ac94275bc16ab). Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: funcaptcha-ru. Reasons based on the campaign: infostealer...
MAL-2024-10097 Malicious code in opnesea (PyPI)
Source: kam193 (56c0b9137145905e04d536383d4df93042c3742d8d6f8d9f11dec421342d87f7). Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: funcaptcha-ru. Reasons based on the campaign: infostealer...
MAL-2024-10099 Malicious code in opwnsea (PyPI)
Source: kam193 (4f70df8d1c347a280aafd4cec249c57ed1703806c6199b644b0062addac42d5b). Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: funcaptcha-ru. Reasons based on the campaign: infostealer...
WordPress Opensea Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Opensea; Type: Plugin; Vulnerable versions: = 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 4d4de12a3cf9; Credits: Rafie Muhammad Patchstack; Required privilege...
Oracle could possibly flag stolen NFT after the NFT already was sold to the pool which leads to non-trivial impact
Impact: Stolen NFT oracle is used to check if an NFT is stolen. It depends on ReservoirOracle. Check However, a stolen NFT could still be sold to the pool if it was flagged too late for whatever reason. The issue is that the pool allows buying stolen NFTs. This ...
Vulnerability Revealed OpenSea NFT Market Users’ Identities
By Waqas. It was a cross-site search (XS-Search) vulnerability that could be exploited by an attacker to obtain a user's identity. This is a post from HackRead.com.
Deanonymizing OpenSea NFT Owners via Cross-Site Search Vulnerability
TL;DR: Recently, a cross-site search vulnerability was discovered affecting the popular NFT marketplace OpenSea. When successfully exploited, this issue allows for the deanonymization of OpenSea users by linking an IP address, a browser session, or an email in certain conditions to a specific...
Upgraded Q -> 3 from #460 [1677510923458]
Judge has assessed an item in Issue 460 as 3 risk. The relevant finding follows. Impact: The safeTransferFrom function on the ClearingHouse is normally used when an OpenSea auction successfully ends and the required ERC20/WETH have been transferred to the...
Exploring the Vulnerabilities of Seaport: A Technical Analysis of a Fake Signature Attack on Non-Fungible Tokens
Impact: This finding aims to provide a comprehensive analysis of the sc4m trend, which emerged in August 2022, and has since been a prevalent issue in the WEB3 space. Despite efforts to combat this phenomenon, bad actors continue to engage in illicit activities,...
Orders may not be fillable due to missing approvals
Vulnerability details: Not all IERC20 implementations revert when there's a failure in approve. If one of these tokens returns false, there is no check for whether this has happened during the order listing validation, so it will only be detected when the order is attempted. Impact I...
Animoca Brands’ Subsidiary TinyTap To Auction Second Set of Publisher NFTs
By Deeba Ahmed. The auctioning will commence on 15 December on OpenSea at 19:00 EST. Publisher NFTs grant co-publishing rights to a TinyTap course. This is a post from HackRead.com.
NFT Marketplace OpenSea Suffers Data Breach- Users’ Email IDs Leaked
By Deeba Ahmed. In a blog post published Wednesday, OpenSea said the issue was caused by an employee of Customer.io, which is… This is a post from HackRead.com.