Lucene search
+L

168 matches found

OSV
OSV
added 2026/07/06 9:23 p.m.4 views

GHSA-WW9Q-8R59-XV46 Zebra: Missing copy constraint in halo2_gadgets variable-base scalar multiplication allows under-constrained base, breaking Orchard Action circuit soundness

Summary A soundness vulnerability in the variable-base scalar multiplication gadget of halo2gadgets allowed a malicious prover to produce a valid proof for an Orchard Action with an under-constrained base point. Because this gadget enforces the diversified-address-integrity condition of the Orcha...

9.3CVSS5.9AI score0.00315EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/06 9:23 p.m.8 views

Zebra: Missing copy constraint in halo2_gadgets variable-base scalar multiplication allows under-constrained base, breaking Orchard Action circuit soundness

Summary A soundness vulnerability in the variable-base scalar multiplication gadget of halo2gadgets allowed a malicious prover to produce a valid proof for an Orchard Action with an under-constrained base point. Because this gadget enforces the diversified-address-integrity condition of the Orcha...

9.3CVSS5.9AI score0.00315EPSS
Exploits0References2Affected Software4
Microsoft Secure
Microsoft Secure
added 2026/06/18 7:36 p.m.16 views

New Forrester Total Economic Impact™ study projects a 124% ROI from unifying with Microsoft Security

Across many industries, organizations are unifying security and putting AI agents to work. Security teams are utilizing agents that reason, decide, and act on their behalf, under their governance. At Microsoft, we see this firsthand—more than 80% of the Fortune 500 are already using AI.1 The...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/05/15 4:51 p.m.12 views

EUVD-2026-30571

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...

7.5CVSS5.9AI score0.0027EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:10 p.m.8 views

CVE-2026-44500

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...

5.3CVSS5.8AI score0.00362EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/07 9:2 p.m.5 views

GHSA-CWFQ-RFCR-8HMP Zebra's Transparent SIGHASH_SINGLE Handling Diverges from zcashd for Corresponding Outputs

Zebra Transparent SIGHASHSINGLE Corresponding-Output Handling Diverges From zcashd Summary For V5+ transparent spends, Zebra and zcashd disagree on the same consensus rule: SIGHASHSINGLE must fail when the input index has no corresponding output. zcashd treats this as consensus-invalid under...

9.2CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/07 8:55 p.m.16 views

Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers

CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers Summary Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...

5.3CVSS5.8AI score0.00362EPSS
Exploits1References4Affected Software3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.12 views

PT-2026-38620

CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers Summary Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...

5.3CVSS5.8AI score0.00362EPSS
Exploits1References5
Qualys Blog
Qualys Blog
added 2026/04/15 6:2 p.m.16 views

Qualys VMDR and TotalCloud™ Now Available on Oracle Cloud Marketplace

Key Takeaways Qualys VMDR and TotalCloud are now available on the Oracle Cloud Marketplace, simplifying procurement and deployment for Oracle Cloud Infrastructure OCI customers. Organizations can deploy security faster with native OCI integration and one-click provisioning. The combined platform...

5.8AI score
Exploits0
NVD
NVD
added 2026/04/09 6:17 p.m.9 views

CVE-2026-40069

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLESPENDATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINEDINSTALEBLOCK, or any ORPHAN-containing extraInfo / txStatus are...

7.5CVSS0.00266EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.6 views

PT-2026-29445

@jxnlco @emilyzsh I think he is referring to that recent CVE-2026-4417 — OpenAI Codex vulnerability where excessive usefulness leads to immediate $200/month spend escalation. No patch available; users report “this is actually worth it” before wallet compromise...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/03/30 7:13 p.m.4 views

GHSA-3VMH-33XR-9CQH Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

--- CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data Summary A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid authorization data, a miner could cause...

8.4CVSS5.9AI score0.00255EPSS
Exploits1References6
OSV
OSV
added 2026/03/30 5:51 p.m.5 views

GHSA-H54M-C522-H6QR AVideo Vulnerable to Wallet Balance Double-Spend via TOCTOU Race Condition in transferBalance

Summary The transferBalance method in plugin/YPTWallet/YPTWallet.php contains a Time-of-Check-Time-of-Use TOCTOU race condition. The method reads the sender's wallet balance, checks sufficiency in PHP, then writes the new balance — all without database transactions or row-level locking. An attack...

5.3CVSS6AI score0.00228EPSS
Exploits1References4
OSV
OSV
added 2026/03/27 6:12 p.m.5 views

CVE-2026-34368 AVideo Vulnerable to Wallet Balance Double-Spend via TOCTOU Race Condition in transferBalance

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the transferBalance method in plugin/YPTWallet/YPTWallet.php contains a Time-of-Check-Time-of-Use TOCTOU race condition. The method reads the sender's wallet balance, checks sufficiency in PHP, then writes the new...

5.3CVSS5.9AI score0.00228EPSS
Exploits1References4
NVD
NVD
added 2025/12/08 7:15 p.m.6 views

CVE-2025-65548

NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell cashubtc/nuts before 0.18.0 do not validate the size of preimage when the token is spent. The preimage is stored by the mint and attacker can exploit this vulnerability to fill the mint's db nd disk with arbitrary da...

9.1CVSS0.00364EPSS
Exploits1References6
CVE
CVE
added 2025/12/08 12:0 a.m.22 views

CVE-2025-65548

CVE-2025-65548 affects Nutshell (cashubtc/nuts) prior to 0.18.0. The issue is that when spending a token, the preimage size is not validated, and the preimage is stored by the mint, enabling an attacker to fill the mint’s database and disk with arbitrary data. Public sources consistently describe...

9.1CVSS6.5AI score0.00364EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2025/12/08 12:0 a.m.26 views

CVE-2025-65548

NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell cashubtc/nuts before 0.18.0 do not validate the size of preimage when the token is spent. The preimage is stored by the mint and attacker can exploit this vulnerability to fill the mint's db nd disk with arbitrary da...

0.00364EPSS
Exploits1References6
OSV
OSV
added 2025/12/08 12:0 a.m.9 views

CVE-2025-65548

NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell cashubtc/nuts before 0.18.0 do not validate the size of preimage when the token is spent. The preimage is stored by the mint and attacker can exploit this vulnerability to fill the mint's db nd disk with arbitrary da...

9.1CVSS6.7AI score0.00364EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-3056

Malware in sbrugna...

3.5CVSS7.5AI score0.00936EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-14090

Malware in sbrugna...

9.8CVSS7.9AI score0.01959EPSS
Exploits0References3
Rows per page
Query Builder