
96 matches found

Snyk
added 2026/05/06 7:57 p.m., 3 views

Improper Synchronization

Overview: Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...

9.1 CVSS, 5.8 AI score
Exploits 0, References 2

Patchstack
added 2026/05/06 5:34 p.m., 4 views

NPM: next-intl has prototype pollution with `experimental.messages.precompile` via attacker-controlled translation catalog keys

NPM: next-intl has prototype pollution with `experimental.messages.precompile` via attacker-controlled translation catalog keys vulnerability discovered by ? in WordPress Npm next-intl versions = 4.9.1...

5.8 AI score
Exploits 0, References 2, Affected Software 1

OSV
added 2026/05/06 5:34 p.m., 0 views

GHSA-4C35-WCG5-MM9H next-intl has prototype pollution with `experimental.messages.precompile` via attacker-controlled translation catalog keys

Summary: `setNestedProperty` in packages/next-intl/src/extractor/utils.tsx walks a dotted key path and assigns the final value without blocking the reserved keys `__proto__`, `constructor`, or `prototype`. When the next-intl Next.js plugin is configured with `experimental.messages` and `messages.precompile: true`...

4.2 CVSS, 5.8 AI score
Exploits 0, References 2

Snyk
added 2026/05/06 5:34 p.m., 3 views

Prototype Pollution

Overview: icu-minify is an ICU message format compiler with a 1KB runtime bundle footprint. Affected versions of this package are vulnerable to Prototype Pollution in the `setNestedProperty` function when processing translation catalog keys containing reserved properties such as `__proto__`, `constructor`, o...

6.6 CVSS, 6.3 AI score
Exploits 0, References 2

Github Security Blog
added 2026/05/06 5:34 p.m., 3 views

next-intl has prototype pollution with `experimental.messages.precompile` via attacker-controlled translation catalog keys

Summary: `setNestedProperty` in packages/next-intl/src/extractor/utils.tsx walks a dotted key path and assigns the final value without blocking the reserved keys `__proto__`, `constructor`, or `prototype`. When the next-intl Next.js plugin is configured with `experimental.messages` and `messages.precompile: true`...

5.8 AI score
Exploits 0, References 2, Affected Software 1

Patchstack
added 2026/05/06 5:32 p.m., 3 views

NPM: mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`

NPM: mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true` vulnerability discovered by ? in WordPress Npm icu-minify versions = 4.9.1...

5.8 AI score
Exploits 0, References 2, Affected Software 1

Github Security Blog
added 2026/05/06 5:32 p.m., 4 views

mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`

Summary: icu-minify's runtime formatter resolves select branches by looking up the runtime value as a plain property on a prototype-bearing object. When the value coerces to a key that exists on `Object.prototype`, e.g. `toString`, `__proto__`, `constructor`, `hasOwnProperty`, `valueOf`, the lookup returns a truth...

6 AI score
Exploits 0, References 2, Affected Software 1

Snyk
added 2026/05/06 5:32 p.m., 3 views

Prototype Pollution

Overview: icu-minify is an ICU message format compiler with a 1KB runtime bundle footprint. Affected versions of this package are vulnerable to Prototype Pollution via the `formatSelect` function. An attacker can cause the application to crash and trigger a server error by supplying specially crafted...

8.2 CVSS, 6.3 AI score
Exploits 0, References 2

Debian CVE
added 2026/03/27 9:8 p.m., 3 views

CVE-2026-33939

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls `lookupProperty(decorators, "n")`, which returns undefined. Th...

7.5 CVSS, 5.3 AI score, 0.00076 EPSS
Exploits 1

Snyk
added 2026/03/27 6:21 p.m., 1 views

Improper Check for Unusual or Exceptional Conditions

Overview: org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions through the registerDecorator path in lib/handlebars/compiler/javascript-compiler.js. An attacker can...

8.7 CVSS, 5.7 AI score, 0.00076 EPSS
Exploits 1, References 2

Positive Technologies
added 2026/03/27 12:0 a.m., 1 views

PT-2026-28571

Name of the Vulnerable Software and Affected Versions: Handlebars versions 4.0.0 through 4.7.8. Description: Handlebars templates containing decorator syntax referencing an unregistered decorator e.g., n can cause a Denial of Service. The compiled template calls `lookupProperty(decorators, "n")`, which...

7.5 CVSS, 5.9 AI score, 0.00076 EPSS
Exploits 1, References 7

OSV
added 2026/03/11 2:53 p.m., 0 views

GHSA-54GX-3CGR-7MFM Cosmos EVM: incorrect state handling during nested EVM execution paths

Advisory ID: ASA-2026-002. Component: ICS20 Precompile. Status: Resolved. Published: March 2026. Contact: [email protected] --- Security Advisory ASA-2026-002. Status: Resolved. A patch is available and all known affected chains have either applied mitigations or upgraded. | Field | Value | | ---...

9.3 CVSS, 6 AI score
Exploits 0, References 3

Snyk
added 2026/03/11 2:53 p.m., 1 views

Always-Incorrect Control Flow Implementation

Overview: Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to incorrect state handling in nested execution paths involving the ICS20 precompile. An attacker can repeatedly utilize the same token balance within a single transaction by exploiting...

9.8 CVSS, 5.9 AI score
Exploits 0, References 3

Github Security Blog
added 2026/03/11 2:53 p.m., 18 views

Cosmos EVM: incorrect state handling during nested EVM execution paths

Advisory ID: ASA-2026-002. Component: ICS20 Precompile. Status: Resolved. Published: March 2026. Contact: [email protected] --- Security Advisory ASA-2026-002. Status: Resolved. A patch is available and all known affected chains have either applied mitigations or upgraded. | Field | Value | | ---...

6 AI score
Exploits 0, References 3, Affected Software 1

GithubExploit
added 2026/01/23 1:16 p.m., 99 views

ens-contracts-bug-62248-pr-509

DNS SEC upgrade repo Summary This repo contains the solut...

5.7 AI score
Exploits 0

Snyk
added 2025/10/21 6:4 p.m., 2 views

Use of a Cryptographic Primitive with a Risky Implementation

Overview: Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation in the handling of precompiles in the BalanceHandler that can cause prevEventsLen to be overwritten. An attacker can compromise the integrity or confidentiality of the system ...

9.3 CVSS, 6.7 AI score
Exploits 0, References 3