172 matches found
10minions-engine (>=0.0.1 <=0.0.4), @0xr404/lol404 (>=1.1.0 <=1.1.6) +3276 more potentially affected by CVE-2026-45740 via protobufjs (>=7.0.0 <=7.5.6)
protobufjs NPM version =7.0.0, =0.0.1, =1.1.0, =1.0.1-beta.0, =0.0.2-beta.0, =1.0.0, =1.5.10, =0.10.1, =1.1.0, =6.0.0, =2.0.2, =3.3.2 and more Source cves: CVE-2026-45740 Source advisory: SNYK:JS-PROTOBUFJS-16657755...
PT-2026-34555
Impact The staking contract accepts UpdateValidator transactions that set new voting key=Some... while omitting new proof of knowledge. this skips the proof-of-knowledge requirement that is needed to prevent BLS rogue-key attacks when public keys are aggregated. Because tendermint macro block...
starknet-staking_audit1
Markdown https://dev.to/rdin777/starknet-btc-staking-how-to-ext...
Malicious code in bitu-staking (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adb12160da2b84d2f9c21c6d5f3a2d803e574fcf593e9d84da3b5e8cbbdef96e The package bitu-staking was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2915 Malicious code in bitu-staking (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adb12160da2b84d2f9c21c6d5f3a2d803e574fcf593e9d84da3b5e8cbbdef96e The package bitu-staking was found to contain malicious code. Source: ossf-package-analysis...
Malicious Package
Overview hemi-btc-staking-actions is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in hemi-btc-staking-actions (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b19073a10f9ea03f132e59a88b1c0a694120c696aa0be4824281160c7bfffb56 The package hemi-btc-staking-actions was found to contain malicious code. Source: ghsa-malware...
EUVD-2026-4516
Malicious code in hemi-btc-staking-actions npm...
MAL-2026-496 Malicious code in hemi-btc-staking-actions (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b19073a10f9ea03f132e59a88b1c0a694120c696aa0be4824281160c7bfffb56 The package hemi-btc-staking-actions was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199275
Malicious code in quickswap-default-staking-list-address npm...
EUVD-2025-199276
Malicious code in quickswap-default-staking-list npm...
Malicious code in quickswap-default-staking-list (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43e55808d092f76fd5927721525051ffdb180520c3f2b7ae26fb3d626931c9f9 The package quickswap-default-staking-list was found to contain malicious code. Source: ghsa-malware...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper enforcement of the SIGHASH value in the signature verification process. An attacker can submit non-compliant signatures that are incorrectly accepted as valid by providing...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Use of a Cryptographic Primitive with a Risky Implementation
Overview Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation in the handling of precompiles in the BalanceHandler that can cause prevEventsLen to be overwritten. An attacker can compromise the integrity or confidentiality of the system ...
EUVD-2024-2214
Malicious code in bioql PyPI...
Malicious code in eth-liquid-staking-sdk (npm)
The package eth-liquid-staking-sdk was found to contain malicious code...
MAL-2025-41978 Malicious code in eth-liquid-staking-sdk (npm)
The package eth-liquid-staking-sdk was found to contain malicious code...
Malicious Package
Overview bittenso-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a typosquatting campaign targeting the Bittensor ecosystem. The goal of the attackers is to steal cryptocurrency fro...