
91 matches found

Snyk
added 2026/02/18 10:35 p.m. | 2 views

Uncaught Exception

Overview: Affected versions of this package are vulnerable to Uncaught Exception in elliptic curve verification functions for secp256k1. An attacker can cause a node to crash by sending a malicious p2p payload. Remediation: Upgrade github.com/ethereum/go-ethereum/crypto to version 1.16.9 or higher...

8.7 CVSS | 5.6 AI score | 0.00058 EPSS
Exploits: 0 | References: 2

Snyk
added 2026/02/18 10:35 p.m. | 0 views

Uncaught Exception

Overview: Affected versions of this package are vulnerable to Uncaught Exception in elliptic curve verification functions for secp256k1. An attacker can cause a node to crash by sending a malicious p2p payload. Remediation: Upgrade github.com/ethereum/go-ethereum/crypto/secp256k1 to version 1.16.9 ...

8.7 CVSS | 5.6 AI score | 0.00058 EPSS
Exploits: 0 | References: 2

Snyk
added 2025/10/30 5:10 p.m. | 1 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...

8.7 CVSS | 7 AI score
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-54990

Malicious code in bioql PyPI...

9.1 CVSS | 6.4 AI score | 0.00323 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-3162

Malicious code in bioql PyPI...

4.9 CVSS | 5 AI score | 0.00187 EPSS
Exploits: 1 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-6905

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00131 EPSS
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-54991

Malicious code in bioql PyPI...

9.1 CVSS | 6.4 AI score | 0.0021 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-2944

Malicious code in bioql PyPI...

8.7 CVSS | 6.3 AI score | 0.00217 EPSS
Exploits: 0 | References: 8

Tenable Nessus
added 2025/08/27 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2020-28498

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm th...

6.8 CVSS | 6.9 AI score | 0.03935 EPSS
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in frost-secp256k1-evm (npm)

The package frost-secp256k1-evm was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-20994 Malicious code in frost-secp256k1-evm (npm)

The package frost-secp256k1-evm was found to contain malicious code...

7.2 AI score
Exploits: 0

RedhatCVE
added 2025/07/03 2:22 a.m. | 5 views

CVE-2024-49364

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The...

9.1 CVSS | 7.3 AI score | 0.00323 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/07/03 2:22 a.m. | 6 views

CVE-2024-49365

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifyable message can be made passing on verify, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. Buffer.isBuffer check can b...

9.1 CVSS | 7.3 AI score | 0.0021 EPSS
Exploits: 0 | References: 1

Veracode
added 2025/07/02 7:4 a.m. | 3 views

Private Key Extraction

tiny-secp256k1 is vulnerable to private key extraction. The vulnerability is due to the ability to bypass Buffer.isBuffer checks when the global Buffer is overridden by the NPM buffer package, which allows an attacker to reuse the nonce k across different messages and extract the private key by...

9.1 CVSS | 7.2 AI score | 0.00323 EPSS
Exploits: 0 | References: 5 | Affected Software: 2

Veracode
added 2025/07/02 4:33 a.m. | 4 views

Improper Input Validation

tiny-secp256k1 is vulnerable to improper input validation. The vulnerability is due to the ability to pass a malicious JSON-stringifiable object to the verify function when the global Buffer is overridden by the NPM buffer package, which allows an attacker to perform a type confusion attack and...

9.1 CVSS | 7.2 AI score | 0.0021 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2025/07/01 3:15 a.m. | 2 views

CVE-2024-49364

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The...

9.1 CVSS | 0.00323 EPSS
Exploits: 0 | References: 2

NVD
added 2025/07/01 3:15 a.m. | 4 views

CVE-2024-49365

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifyable message can be made passing on verify, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. Buffer.isBuffer check can b...

9.1 CVSS | 0.0021 EPSS
Exploits: 0 | References: 2

CVE
added 2025/07/01 2:7 a.m. | 16 views

CVE-2024-49364

CVE-2024-49364 affects tiny-secp256k1 (NPM wrapper). Prior to 1.1.7, if global Buffer comes from the NPM buffer package, the Buffer.isBuffer check can be bypassed, enabling private key extraction by signing a malicious JSON-stringifiable object via key reuse across messages. The issue is fixed in...

9.1 CVSS | 6.6 AI score | 0.00323 EPSS
Exploits: 0 | References: 2

OSV
added 2025/07/01 2:7 a.m. | 1 views

CVE-2024-49364 tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The...

9.1 CVSS | 7 AI score | 0.00323 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2025/07/01 2:7 a.m. | 2 views

CVE-2024-49364 tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The...

9.1 CVSS | 7.2 AI score | 0.00323 EPSS
Exploits: 0 | References: 2