CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-54990

Malicious code in bioql PyPI...

9.1CVSS6.4AI score0.00323EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-54991

Malicious code in bioql PyPI...

9.1CVSS6.4AI score0.0021EPSS

Exploits0References3

RedhatCVE•added 2025/07/03 2:22 a.m.•5 views

CVE-2024-49364

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require'buffer' is the NPM buffer package. The...

9.1CVSS7.3AI score0.00323EPSS

Exploits0References1

RedhatCVE•added 2025/07/03 2:22 a.m.•6 views

CVE-2024-49365

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifyable message can be made passing on verify, when global Buffer is the buffer package. This affects only environments where require'buffer' is the NPM buffer package. Buffer.isBuffer check can b...

9.1CVSS7.3AI score0.0021EPSS

Exploits0References1

Veracode•added 2025/07/02 7:4 a.m.•3 views

Private Key Extraction

tiny-secp256k1 is vulnerable to private key extraction. The vulnerability is due to the ability to bypass Buffer.isBuffer checks when the global Buffer is overridden by the NPM buffer package, which allows an attacker to reuse the nonce k across different messages and extract the private key by...

9.1CVSS7.2AI score0.00323EPSS

Exploits0References5Affected Software2

Veracode•added 2025/07/02 4:33 a.m.•4 views

Improper Input Validation

tiny-secp256k1 is vulnerable to improper input validation. The vulnerability is due to the ability to pass a malicious JSON-stringifiable object to the verify function when the global Buffer is overridden by the NPM buffer package, which allows an attacker to perform a type confusion attack and...

9.1CVSS7.2AI score0.0021EPSS

Exploits0References5Affected Software1

NVD•added 2025/07/01 3:15 a.m.•4 views

CVE-2024-49365

9.1CVSS0.0021EPSS

Exploits0References2

NVD•added 2025/07/01 3:15 a.m.•2 views

CVE-2024-49364

9.1CVSS0.00323EPSS

Exploits0References2

CVE•added 2025/07/01 2:7 a.m.•17 views

CVE-2024-49364

CVE-2024-49364 affects tiny-secp256k1 (NPM wrapper). Prior to 1.1.7, if global Buffer comes from the NPM buffer package, the Buffer.isBuffer check can be bypassed, enabling private key extraction by signing a malicious JSON-stringifiable object via key reuse across messages. The issue is fixed in...

9.1CVSS6.6AI score0.00323EPSS

Exploits0References2

OSV•added 2025/07/01 2:7 a.m.•2 views

CVE-2024-49364 tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment

9.1CVSS7AI score0.00323EPSS

Exploits0References4

Vulnrichment•added 2025/07/01 2:7 a.m.•2 views

CVE-2024-49364 tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment

9.1CVSS7.2AI score0.00323EPSS

Exploits0References2

Cvelist•added 2025/07/01 2:7 a.m.•7 views

CVE-2024-49364 tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment

9.1CVSS0.00323EPSS

Exploits0References2

Vulnrichment•added 2025/07/01 2:7 a.m.•3 views

CVE-2024-49365 tiny-secp256k1 allows for verify() bypass when running in bundled environment

9.1CVSS7.2AI score0.0021EPSS

Exploits0References2

CVE•added 2025/07/01 2:7 a.m.•19 views

CVE-2024-49365

The CVE-2024-49365 issue affects tiny-secp256k1 prior to 1.1.7, where in environments using the Node buffer package, Buffer.isBuffer can be bypassed and a crafted JSON-stringifiable object could be accepted by verify(), potentially causing false-positive True values. The root cause is a vulnerabi...

9.1CVSS6.6AI score0.0021EPSS

Exploits0References2

OSV•added 2025/07/01 2:7 a.m.•3 views

CVE-2024-49365 tiny-secp256k1 allows for verify() bypass when running in bundled environment

9.1CVSS7AI score0.0021EPSS

Exploits0References4

Cvelist•added 2025/07/01 2:7 a.m.•8 views

CVE-2024-49365 tiny-secp256k1 allows for verify() bypass when running in bundled environment

9.1CVSS0.0021EPSS

Exploits0References2

CNNVD•added 2025/07/01 12:0 a.m.•3 views

tiny-secp256k1 安全漏洞

tiny-secp256k1 is a wrapper for bitcoinjs open source. A security vulnerability exists in tiny-secp256k1 versions prior to 1.1.7, which stems from the potential disclosure of a private key when signing a malicious JSON stringable object, potentially leading to private key extraction...

9.1CVSS6.3AI score0.00323EPSS

Exploits0References3

CNNVD•added 2025/07/01 12:0 a.m.•1 views

tiny-secp256k1 安全漏洞

tiny-secp256k1 is a wrapper for bitcoinjs open source. A security vulnerability exists in tiny-secp256k1 versions prior to 1.1.7 that stems from a possible bypass of checks when validating malicious JSON stringable messages, which could lead to false validation results...

9.1CVSS6.3AI score0.0021EPSS

Exploits0References3

Github Security Blog•added 2025/06/30 5:44 p.m.•8 views

tiny-secp256k1 allows for verify() bypass when running in bundled environment

Summary A malicious JSON-stringifyable message can be made passing on verify, when global Buffer is buffer package Details This affects only environments where require'buffer' is E.g.: browser bundles, React Native apps, etc. Buffer.isBuffer check can be bypassed, resulting in strange objects bei...

9.1CVSS6.9AI score0.0021EPSS

Exploits0References4Affected Software1

OSV•added 2025/06/30 5:44 p.m.•0 views

GHSA-5VHG-9XG4-CV9M tiny-secp256k1 allows for verify() bypass when running in bundled environment

9.1CVSS5.9AI score0.0021EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by