4 matches found
CVE-2026-54431
A flaw was found in liboauth2. The Demonstrating Proof-of-Possession DPoP verifier incorrectly accepts a malformed DPoP proof. This proof contains private key material in its JSON Web Key JWK header, which should be rejected according to RFC 9449. This vulnerability could allow an attacker to...
CVE-2026-13750
Snowflake CLI contains a local-logging vulnerability prior to version 3.19 where sensitive credentials (passwords, tokens, or private key material) could be written to persistent debug logs. An attacker with read access to the affected user’s local log files could exfiltrate credentials if they a...
MAL-2026-4220 Malicious code in web3-secrets-detector (npm)
A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...
CVE-2024-54134
CVE-2024-54134 affects the Solana JavaScript library solana/web3.js, specifically versions 1.95.6 and 1.95.7. A publish-access account was compromised, enabling attackers to publish unauthorized malicious packages that could exfiltrate private key material and drain funds from dapps that handle p...