Lucene search
K

334 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/13 6:54 p.m.3 views

CVE-2026-32605

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...

7.5CVSS5.8AI score0.00463EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/13 6:54 p.m.11 views

CVE-2026-32605

The CVE concerns the Rust implementation of Nimiq PoS (nimiq/core-rs-albatross). Before version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal where signer == validators.num_validators(); the code uses ProposalSender::send with a > bound check inste...

7.5CVSS5.8AI score0.00463EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/13 6:54 p.m.7 views

CVE-2026-32605 Nimiq: Remote crash via off-by-one signer bounds check in proposal buffer

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...

7.5CVSS5.8AI score0.00463EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/13 6:54 p.m.24 views

CVE-2026-32605 Nimiq: Remote crash via off-by-one signer bounds check in proposal buffer

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...

7.5CVSS0.00463EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.7 views

core-rs-albatross 安全漏洞

core-rs-albatross is a Rust implementation of the Albatross protocol developed by Nimiq. Versions prior to 1.3.0 of core-rs-albatross contained a security vulnerability. This vulnerability stemmed from the use of the greater than symbol instead of the greater than or equal symbol in the send...

7.5CVSS5.8AI score0.00463EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.6 views

PT-2026-32505

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.num validators...

7.5CVSS5.8AI score0.00463EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/09 8:23 p.m.11 views

Wasmtime has host data leakage with 64-bit tables and Winch

Impact Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the host's stack to WebAssembly guests. The host's stack can possibly contain sensitive...

6.5CVSS5.8AI score0.00324EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/09 6:40 p.m.21 views

CVE-2026-34945 Wasmtime leaks host data with 64-bit tables and Winch

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...

2.3CVSS0.00324EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

wasmtime 安全漏洞

Wasmtime is a lightweight WebAssembly runtime open source by the Bytecode Alliance. Versions of Wastime prior to 25.0.0, 36.0.7, 42.0.2, and 43.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the Winch compiler incorrectly translating the table.size instruction, which i...

6.5CVSS5.8AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.4 views

CVE-2026-34061

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest...

6.5CVSS5.8AI score0.00187EPSS
Exploits0References1
OSV
OSV
added 2026/04/05 2:17 a.m.3 views

MINI-RFP6-QC7Q-4QHX

Bulletin has no description...

7.5CVSS5.9AI score0.00651EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/03 10:7 p.m.4 views

CVE-2026-34061

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest...

4.9CVSS5.8AI score0.00187EPSS
Exploits0References5Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 12:0 a.m.4 views

Malicious code in proposal-typescript (npm)

The package 'proposal-typescript' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References3
OSV
OSV
added 2026/03/16 12:0 a.m.4 views

MAL-2026-1527 Malicious code in proposal-typescript (npm)

The package 'proposal-typescript' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6AI score
Exploits0References3
The Hacker News
The Hacker News
added 2026/03/04 11:30 a.m.5 views

New RFP Template for AI Usage Control and AI Governance 

As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the budget — to secure it. But there’s a quiet crisis unfolding in the boardroom: many organizations know they need "AI Governance," but they have no idea what they are actuall...

6.1AI score
Exploits0
NVD
NVD
added 2026/02/27 10:16 p.m.17 views

CVE-2026-28402

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where header.bodyroot does not match the...

7.1CVSS0.00204EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/27 9:8 p.m.24 views

CVE-2026-28402 nimiq/core-rs-albatross's nimiq-blockchain missing proposal body root verification

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where header.bodyroot does not match the...

7.1CVSS0.00204EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/27 9:8 p.m.2 views

CVE-2026-28402 nimiq/core-rs-albatross's nimiq-blockchain missing proposal body root verification

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where header.bodyroot does not match the...

7.1CVSS6AI score0.00204EPSS
Exploits0References4
CVE
CVE
added 2026/02/27 9:8 p.m.20 views

CVE-2026-28402

The CVE concerns nimiq/core-rs-albatross (Rust Nimiq implementation). Before version 1.2.2, a proposer could publish a macro block where header.body_root does not equal hash(body); the macro proposal verification path validates the header but not the binding, potentially causing validators to pan...

7.1CVSS6AI score0.00204EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/27 9:8 p.m.6 views

CVE-2026-28402 nimiq/core-rs-albatross's nimiq-blockchain missing proposal body root verification

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where header.bodyroot does not match the...

7.1CVSS6AI score0.00204EPSS
Exploits0References6
Rows per page
Query Builder