Lucene search
+L

165 matches found

osv
osv
added 2026/06/26 9:8 p.m.5 views

GHSA-RP72-5V5Q-2446 @cardano402/mcp-server missing spending limits, LAN-exposed HTTP transport, and SSRF via catalog.server.url

Summary @cardano402/mcp-server versions = 0.1.1 ship three security gaps that can lead to unauthorized fund movement when the package is used as designed an MCP server exposing Cardano payment tools to an Impact 1. No spending limits on signed payments An LLM or prompt-injected LLM calling tools...

5.8AI score
Exploits0References2
cvelist
cvelist
added 2026/05/08 3:55 a.m.47 views

CVE-2026-42278 UltraDAG: Smart Account Spending Policy Bypass via Pockets

UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...

8.8CVSS0.00375EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/08 3:55 a.m.9 views

CVE-2026-42278 UltraDAG: Smart Account Spending Policy Bypass via Pockets

UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...

8.8CVSS5.8AI score0.00375EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/08 3:55 a.m.10 views

CVE-2026-42278

UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...

8.8CVSS5.8AI score0.00375EPSS
Exploits0References3
cve
cve
added 2026/05/08 3:55 a.m.22 views

CVE-2026-42278

CVE-2026-42278 affects UltraDAG (Rust) and specifically the SmartTransferTx policy enforcement path. Before commit fb6ef59, a transaction originating from a Pocket (a derived sub-address) could bypass spending controls because the pocket’s parent account wasn’t resolved before evaluating the spen...

8.8CVSS5.8AI score0.00375EPSS
Exploits0References2
osv
osv
added 2026/05/08 3:55 a.m.3 views

CVE-2026-42278 UltraDAG: Smart Account Spending Policy Bypass via Pockets

UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...

8.8CVSS6AI score0.00375EPSS
Exploits0References4
wired
wired
added 2026/04/09 10:0 a.m.9 views

Politicians Are Spending More Money on Security as They Increasingly Become Targets

Political candidates are purchasing more home alarms, bulletproof vests, and other protections amid rising fears of political violence...

5.9AI score
Exploits0
schneier
schneier
added 2026/03/13 11:4 a.m.9 views

Academia and the “AI Brain Drain”

In 2025, Google, Amazon, Microsoft and Meta collectively spent US$380 billion on building artificial-intelligence tools. That number is expected to surge still higher this year, to $650 billion, to fund the building of physical infrastructure, such as data centers see go.nature.com/3lzf79q...

5.8AI score
Exploits0
redhatcve
redhatcve
added 2026/01/09 9:55 a.m.7 views

CVE-2020-12119

Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee RBF. It increases the user's balance with the value of an unconfirmed transaction as soon as it is received before the transaction is confirmed and does not decrease the balance when it is canceled. As a result, users are exposed t...

8.1CVSS6.9AI score0.00493EPSS
Exploits0References1
impervablog
impervablog
added 2025/12/17 4:11 p.m.7 views

Black Friday 2025 in Review: What Retailers Need to Know About This Year’s Holiday Shopping Season

Holiday shopping season is in full swing, and Black Friday 2025 continued to demonstrate that consumer demand and attacker activity shows no signs of slowing. According to Adobe Analytics, U.S. consumers spent $11.8 billion online on Black Friday, setting a new record and highlighting sustained...

6.9AI score
Exploits0
schneier
schneier
added 2025/12/15 12:2 p.m.6 views

Against the Federal Moratorium on State-Level Regulation of AI

Cast your mind back to May of this year: Congress was in the throes of debate over the massive budget bill. Amidst the many seismic provisions, Senator Ted Cruz dropped a ticking time bomb of tech policy: a ten-year moratorium on the ability of states to regulate artificial intelligence. To many,...

6.8AI score
Exploits0
redhatcve
redhatcve
added 2025/12/12 5:13 p.m.3 views

CVE-2025-65548

NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell cashubtc/nuts before 0.18.0 do not validate the size of preimage when the token is spent. The preimage is stored by the mint and attacker can exploit this vulnerability to fill the mint's db nd disk with arbitrary da...

9.1CVSS6.8AI score0.00364EPSS
Exploits1References1
taosecurity
taosecurity
added 2025/10/15 2:32 a.m.6 views

Company Wrecked by Ransomware Only Spent 120,000 Pounds Per Year on Cyber Security

Do you remember the story of the UK-based logistics company that closed due to ransomware and laid off 730 workers? Today in an article about a warning to UK businesses about cyber incidents, their “director” said they “were throwing £120,000 a year at cyber-security with insurance and systems an...

6.8AI score
Exploits0
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-3158

Malware in sbrugna...

6.4CVSS6.4AI score0.02378EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-29654

Malware in sbrugna...

7.5CVSS7.5AI score0.01027EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-28003

Malware in sbrugna...

5.5CVSS5.6AI score0.00441EPSS
Exploits1References3
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2013-3157

Malware in sbrugna...

5CVSS6.4AI score0.01971EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-4434

Malware in sbrugna...

8.1CVSS8.1AI score0.00493EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2021-33047

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01197EPSS
Exploits1References1
euvd
euvd
added 2025/10/03 8:7 p.m.10 views

EUVD-2023-1652

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00582EPSS
Exploits0References4
Rows per page
Query Builder