34 matches found
EUVD-2025-22951
Malicious code in bioql PyPI...
EUVD-2025-22944
Malicious code in bioql PyPI...
EUVD-2025-22949
Malicious code in bioql PyPI...
Malicious Package
Overview polkadot-apps is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in polkadot-apps (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59092b31b08f13b01c42d1e03ec24bdaf044459cc73c90f1ac4c458dbb5817a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47100 Malicious code in polkadot-apps (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59092b31b08f13b01c42d1e03ec24bdaf044459cc73c90f1ac4c458dbb5817a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-54427
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54429
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for...
CVE-2025-54426
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invali...
CVE-2025-54429
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for...
CVE-2025-54426
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invali...
CVE-2025-54429 Polkadot Frontier's constructing smart contract can bypass precompile address bounding
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for...
CVE-2025-54429 Polkadot Frontier's constructing smart contract can bypass precompile address bounding
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for...
CVE-2025-54429 Polkadot Frontier's constructing smart contract can bypass precompile address bounding
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for...
CVE-2025-54429
CVE-2025-54429 concerns Polkadot Frontier’s CallableByContract addressing logic, where precompile calls could be misclassified due to treating contract addresses under CREATE/CREATE2 as AddressType::EOA instead of AddressType::Contract. This misclassification affects custom precompile implementat...
CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54426
Summary: Polkadot Frontier’s Curve25519Add and Curve25519ScalarMul precompiles mis-handle invalid Ristretto point representations in versions before commit 36f70d1, silently treating malformed inputs as the Ristretto identity element and potentially yielding incorrect cryptographic results. This ...
CVE-2025-54426 Polkadot Frontier contains silent failure in Curve25519 arithmetic precompiles with malformed points
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invali...