Lucene search
K

30 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.5 views

CVE-2026-32129

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ......

8.7CVSS5.8AI score0.00221EPSS
Exploits0References1
OSV
OSV
added 2026/03/13 3:40 p.m.3 views

GHSA-G2P6-HH5V-7HFM Poseidon V1 variable-length input collision via implicit zero-padding

Impact Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ..., mk, 0 because both produce identical pre-permutation states. This affects any use of PoseidonSpong...

8.7CVSS5.8AI score0.00221EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/13 3:40 p.m.48 views

EUVD-2026-11645

Poseidon V1 variable-length input collision via implicit zero-padding...

8.7CVSS5.8AI score0.00221EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/13 3:40 p.m.14 views

Poseidon V1 variable-length input collision via implicit zero-padding

Impact Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ..., mk, 0 because both produce identical pre-permutation states. This affects any use of PoseidonSpong...

8.7CVSS5.8AI score0.00221EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/03/12 6:16 p.m.6 views

CVE-2026-32129

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ......

8.7CVSS0.00221EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/12 5:47 p.m.5 views

CVE-2026-32129

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ......

8.7CVSS5.8AI score0.00221EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/12 5:47 p.m.31 views

CVE-2026-32129 Poseidon V1 variable-length input collision via implicit zero-padding

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ......

8.7CVSS0.00221EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/12 5:47 p.m.7 views

CVE-2026-32129 Poseidon V1 variable-length input collision via implicit zero-padding

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ......

8.7CVSS5.8AI score0.00221EPSS
Exploits0References3
OSV
OSV
added 2026/03/12 5:47 p.m.6 views

CVE-2026-32129 Poseidon V1 variable-length input collision via implicit zero-padding

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ......

8.7CVSS5.8AI score0.00221EPSS
Exploits0References5
CVE
CVE
added 2026/03/12 5:47 p.m.21 views

CVE-2026-32129

The CVE-2026-32129 entry concerns soroban-poseidon PoseidonSponge (Poseidon V1) used in Soroban smart contracts. It states that PoseidonSponge accepts variable-length inputs without injective padding, and when inputs.len() k yields the same pre-permutation state as hashing [m1,...,mk,0], making ...

8.7CVSS5.8AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.17 views

PT-2026-25033

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ......

8.7CVSS5.8AI score0.00221EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.6 views

soroban-poseidon 安全漏洞

Soroban-Poseidon is a Poseidon hash function library developed by Stellar for smart contracts. Soroban-Poseidon has a security vulnerability, which stems from Poseidon V1 accepting variable-length inputs without using injective padding, potentially leading to simple hash collisions...

8.7CVSS5.8AI score0.00221EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/01/26 8:54 a.m.12 views

Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers

The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence AI tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary'...

6.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/03 7:18 a.m.4 views

Malicious code in poseidon-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90aead430e86dd9f204e1a8db7e6adb050c5eeae8a938c3d570991ebac4c8ac4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/07/03 7:18 a.m.3 views

MAL-2025-5608 Malicious code in poseidon-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90aead430e86dd9f204e1a8db7e6adb050c5eeae8a938c3d570991ebac4c8ac4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
Talos Blog
Talos Blog
added 2024/07/24 10:0 a.m.23 views

A (somewhat) complete timeline of Talos’ history

A lot has happened in Talos 10 years of existence. And to celebrate our birthday, we wanted to look back on some of the major moments in Talos history. Heres an overview of some of the major events, cyber attacks, research breakthroughs and more that truly make Talos Talos. We hope this walk down...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/07/01 7:9 a.m.12 views

A week in security (June 24 – June 30)

Last week on Malwarebytes Labs: TEMU sued for being "dangerous malware" by Arkansas Attorney General Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more "Poseidon" Mac stealer distributed via Google ads Federal Reserve "breached" data m...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/27 6:31 a.m.13 views

Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets

The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. "This cluster of activity spanned from late 2023 to April 2024 and is anticipated to...

7.6AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/04/09 3:39 a.m.9 views

camping-poseidon.de Cross Site Scripting vulnerability OBB-3910046

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/10/17 5:46 a.m.38 views

CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks

The Computer Emergency Response Team of Ukraine CERT-UA has revealed that threat actors "interfered" with at least 11 telecommunication service providers in the country between May and September 2023. The agency is tracking the activity under the name UAC-0165, stating the intrusions led to servi...

7AI score
Exploits0
Rows per page
Query Builder