13 matches found
CVE-2026-35042 fast-jwt accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)
fast-jwt provides fast JSON Web Token JWT implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token...
EUVD-2026-11728
PyJWT accepts unknown crit header extensions...
CVE-2025-56207
The CVE-2025-56207 entry concerns Money Making Opportunity (MMO), an Ethereum ERC-721 NFT project. The vulnerability is in the contract’s _transfer function, which can cause NFTs to be sent to the zero address, resulting in permanent asset loss and ERC-721 non-compliance. Affected details include...
PYSEC-2022-43072
An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the...
Erc20.transferFrom() return value is ignored
Handle pants Vulnerability details According to the ERC-20 Token Standard, the function transferFrom returns false on failure. However, the return value of Erc20.transferFrom is ignored 11 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 103. 2. In...
Erc20.approve() return value is ignored
Handle pants Vulnerability details According to the ERC-20 Token Standard, the function approve returns false on failure. However, the return value of Erc20.approve is ignored 3 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 109. 2. In Swivel.initiateZcTokenFillingVaultInitiate, li...
ERC20_ICO Integer Overflow Vulnerability
ERC20ICO is an Ether-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in the smart contract implementation of ERC20ICO. An attacker could use this vulnerability to set the balance of any user to an arbitrary value...
BiteduToken Integer Overflow Vulnerability
BiteduToken is a tradable Ether ERC20 token. An integer overflow vulnerability exists in the mintToken function of BiteduToken's smart contract implementation. The vulnerability can be exploited by the contract owner to set the balance of any user to any value...
STCToken Integer Overflow Vulnerability
STCToken is a tradable Ether ERC20 token. An integer overflow vulnerability exists in the mintToken function of STCToken's smart contract implementation. The vulnerability can be exploited by the contract owner to set the balance of any user to any value...
ISeeVoiceToken Integer Overflow Vulnerability
ISeeVoiceToken is a tradable Ether ERC20 token. An integer overflow vulnerability exists in the mintToken function of ISeeVoiceToken's smart contract implementation. The vulnerability can be exploited by the contract owner to set the balance of any user to any value...
ProvidenceCasino Integer Overflow Vulnerability
ProvidenceCasino PVE is a tradable Ether ERC20 token. An integer overflow vulnerability exists in the sell function of ProvidenceCasino PVE's smart contract implementation where "amount sellPrice" can be zero. An attacker could exploit the vulnerability to reduce the seller's assets...
IADOWR Coin Integer Overflow Vulnerability
IADOWR Coin IAD is a tradable Ether ERC20 token. An integer overflow vulnerability exists in the mintToken function of IADOWR Coin's smart contract implementation. The vulnerability can be exploited by the contract owner to set the balance of any user to any value...
VulnCheck KEV: CVE-2018-10468
The transferFrom function of a smart contract implementation for Useless Ethereum Token UET, an Ethereum ERC20 token, allows attackers to steal assets e.g., transfer all victims' balances into their account because certain computations involving value are incorrect, as exploited in the...