EUVD-2023-60576

Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can...

Ledger Live 代码问题漏洞

Ledger Live is an encrypted asset management application developed by the French company Ledger. Versions of Ledger Live prior to 6.34.7 contained a code vulnerability caused by integer parsing issues. This vulnerability allowed attackers to manipulate EIP-712 type data messages by exploiting...

Malicious code in @2oolkit/hyperliquid-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c3af30011dcf54950f270463028270d732fce20b5cd5da44342a0748922e6df The package is advertised as a neutral CLI/MCP wrapper for Hyperliquid, but its distributed code silently routes value from the installer to an...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the correctlySpends process. An attacker can bypass output verification by supplying a crafted signature and public key pair, allowing unauthorized transaction validation. Remediation...

HCL Aftermarket DPC Session Fixation Vulnerability

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a session fixation vulnerability that can be exploited by an attacker to take over a user's session and conduct unauthorized transactions...

CVE-2025-55266

HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf of the user...

EUVD-2025-209055

HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf of the user...

CVE-2025-55266

HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf of the user...

CVE-2025-55266

CVE-2025-55266 concerns HCL Aftermarket DPC, where a session fixation flaw could allow an attacker to hijack a user session and perform unauthorized transactions on behalf of the user. The provided documents identify the impact (session takeover) and the affected product but do not specify affect...

CVE-2025-55266 HCL Aftermarket DPC is affected by Session Fixation

HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf of the user...

CVE-2025-55266 HCL Aftermarket DPC is affected by Session Fixation

HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf of the user...

CVE-2025-55266

HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf of the user...

PT-2026-28291

Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description HCL Aftermarket DPC is susceptible to a session fixation issue. This allows an attacker to take control of a user’s session and perform unauthorized transactions on the user’s...

OpenEMR 信息泄露漏洞

OpenEMR is an open-source medical management system developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR from 5.0.2 to 8.0.0 contained a security...

PT-2026-7957

Name of the Vulnerable Software and Affected Versions CediPay versions prior to 1.2.3 Description A flaw exists in CediPay that allows attackers to bypass input validation within the transaction API. Exploitation could lead to unauthorized transactions, exposure of sensitive financial data, and...

SAP NetWeaver Application Server for ABAP 跨站请求伪造漏洞

SAP NetWeaver Application Server for ABAP is a core application server platform from SAP, Germany. A cross-site request forgery vulnerability exists in SAP NetWeaver Application Server for ABAP, which stems from a cross-site request forgery vulnerability that could lead to bypassing authorization...

EUVD-2020-0088

Malware in sbrugna...

EUVD-2025-11473

Malicious code in bioql PyPI...

Crypto Hardware Wallet Ledger's Supply Chain Breach Results in $600,000 Theft

Crypto hardware wallet maker Ledger published a new version of its "@ledgerhq/connect-kit" npm module after unidentified threat actors pushed malicious code that led to the theft of more than $600,000 in virtual assets. The compromise was the result of a former employee falling victim to a phishi...

removeDelegatedSigner() will not undelegate address for signing.

Lines of code Vulnerability details Impact Impact is critical as delegator addresses will still retain delegator roll even after the removeDelegatedSigner is called by user. Proof of Concept function setDelegatedSigner is used to set delegation function setDelegatedSigneraddress delegateTo extern...