108 matches found
CVE-2026-34067
nimiq-transaction provides the transaction primitive used in Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryTreeProof::verify` panics on a malformed proof where `history.len() != positions.len()`, because the relation is enforced with `assert_eq!(history.len(), positions.len())` rather than a checked error. The proof object is derived from untrusted p2...
CVE-2026-33471
nimiq-block contains block primitives used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates the BitSet indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup, a cast that silently truncates out-of-range indices. Prior to version 1.3.0, if an attacker can get a...
GHSA-264V-M8FM-76JM nimiq-transaction: Panic via `HistoryTreeProof` length mismatch
Impact: `HistoryTreeProof::verify` panics on a malformed proof where `history.len() != positions.len()`, because the relation is enforced with `assert_eq!(history.len(), positions.len())`. The proof object is derived from untrusted p2p responses (`ResponseTransactionsProof.proof`) and is therefore attacker-controlled at the network boundary until...
PT-2026-34542
Name of the Vulnerable Software and Affected Versions: nimiq-block versions prior to 1.3.0. Description: The `SkipBlockProof::verify` function computes its quorum check using `BitSet.len()`, then iterates through the BitSet indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. An integer...
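The two nimiq entries above describe the same class of mistake twice: a structural property of attacker-supplied input (equal vector lengths; an index that fits a u16) is treated as an invariant instead of a checked condition. The following is an added illustration, not nimiq code; the proof layout, the slot count, the toy leaf hash and all names are assumptions made up for it. It shows both the panicking/truncating shape and the hardened one that turns each property into an error.

```rust
// Added illustration for the two nimiq advisories above; this is not nimiq
// code. The proof layout, slot count and leaf hash are assumptions made here.
use std::collections::BTreeSet;

/// Toy validator slot count. The real value is irrelevant; what matters is
/// that a slot index is a u16 while the bitset yields usize indices.
pub const NUM_SLOTS: usize = 512;

/// Toy stand-in for a history tree proof: one leaf hash per claimed position.
#[derive(Debug, Clone)]
pub struct ToyProof {
    pub history: Vec<u64>,
    pub positions: Vec<usize>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum ProofError {
    LengthMismatch { history: usize, positions: usize },
    InvalidLeaf { position: usize },
    SlotOutOfRange(usize),
    QuorumNotReached { signers: usize, needed: usize },
}

/// Stand-in for a leaf hash (assumption: any cheap mixing function will do).
pub fn fake_leaf_hash(position: usize) -> u64 {
    (position as u64).wrapping_mul(0x9E37_79B9_7F4A_7C15) ^ 0xA5A5
}

/// Vulnerable shape: the length relation is asserted as an invariant. The
/// proof arrives from a peer, so one malformed message crashes the node.
pub fn verify_panicking(proof: &ToyProof) -> bool {
    assert_eq!(proof.history.len(), proof.positions.len());
    proof
        .history
        .iter()
        .zip(&proof.positions)
        .all(|(h, &p)| *h == fake_leaf_hash(p))
}

/// Hardened: every structural property of untrusted input is a checked
/// condition that yields an error, never a panic.
pub fn verify_checked(proof: &ToyProof) -> Result<(), ProofError> {
    if proof.history.len() != proof.positions.len() {
        return Err(ProofError::LengthMismatch {
            history: proof.history.len(),
            positions: proof.positions.len(),
        });
    }
    for (h, &p) in proof.history.iter().zip(&proof.positions) {
        if *h != fake_leaf_hash(p) {
            return Err(ProofError::InvalidLeaf { position: p });
        }
    }
    Ok(())
}

/// Vulnerable shape: quorum is counted over the raw usize indices, but the
/// slot lookup truncates with `as u16`, so indices 5 and 65541 are counted
/// as two signers yet resolve to the same slot.
pub fn quorum_truncating(signers: &BTreeSet<usize>, needed: usize) -> bool {
    if signers.len() < needed {
        return false;
    }
    signers.iter().all(|&idx| usize::from(idx as u16) < NUM_SLOTS)
}

/// Hardened: convert with `try_from`, bounds-check against NUM_SLOTS, and
/// count quorum over the de-duplicated u16 slots that are actually looked up.
pub fn quorum_checked(signers: &BTreeSet<usize>, needed: usize) -> Result<(), ProofError> {
    let mut slots = BTreeSet::new();
    for &idx in signers {
        let slot = u16::try_from(idx).map_err(|_| ProofError::SlotOutOfRange(idx))?;
        if usize::from(slot) >= NUM_SLOTS {
            return Err(ProofError::SlotOutOfRange(idx));
        }
        slots.insert(slot);
    }
    if slots.len() < needed {
        return Err(ProofError::QuorumNotReached { signers: slots.len(), needed });
    }
    Ok(())
}
```

The check that matters in review is that the quorum count and the slot lookup operate on the same set: once the index has been narrowed and bounds-checked, count those narrowed values, not the pre-conversion ones.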
CVE-2026-26982 Ghostty affected by arbitrary command execution via control characters in paste and drag-and-drop operations
Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+C) in pasted and dropped text, and these can be used to execute arbitrary commands in some shell environments. The attack requires an attacker to convince the user to copy and paste or drag and drop...
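A terminal that wants to refuse or warn on such pastes needs a scan of the text before it is written to the pty. The following is an added illustration, not Ghostty code; which bytes count as hazardous (C0 controls other than tab, LF and CR, DEL, and the bracketed-paste terminator) is a policy assumption made here. The terminator case goes beyond the entry above: even when bracketed paste is enabled, a pasted `ESC [ 2 0 1 ~` ends the bracket early and the rest of the paste is interpreted as typed input.

```rust
// Added illustration for the Ghostty entry; this is not Ghostty code. Which
// bytes are treated as hazardous is a policy assumption made here.

#[derive(Debug, PartialEq, Eq)]
pub enum PasteHazard {
    /// A C0 control byte (other than tab, LF, CR) or DEL at this offset.
    ControlChar { offset: usize, byte: u8 },
    /// The bracketed-paste terminator; anything after it would be read as
    /// typed input even in bracketed-paste mode.
    BracketedPasteEnd { offset: usize },
}

const BRACKETED_PASTE_END: &[u8] = b"\x1b[201~";

/// Scan text about to be pasted or dropped into the terminal and report every
/// byte that would be interpreted as a key press or escape sequence rather
/// than as literal text.
pub fn scan_paste(text: &str) -> Vec<PasteHazard> {
    let bytes = text.as_bytes();
    let mut hazards = Vec::new();
    let mut i = 0;
    while i < bytes.len() {
        // Report the terminator as one hazard and skip past it so the ESC
        // byte is not reported a second time as a plain control character.
        if bytes[i..].starts_with(BRACKETED_PASTE_END) {
            hazards.push(PasteHazard::BracketedPasteEnd { offset: i });
            i += BRACKETED_PASTE_END.len();
            continue;
        }
        let b = bytes[i];
        let is_benign_whitespace = matches!(b, b'\t' | b'\n' | b'\r');
        if (b < 0x20 && !is_benign_whitespace) || b == 0x7f {
            hazards.push(PasteHazard::ControlChar { offset: i, byte: b });
        }
        i += 1;
    }
    hazards
}

/// Policy hook for the paste path: refuse (or prompt) when anything
/// hazardous is present instead of silently stripping it, since stripping
/// can splice two harmless fragments into a harmful command.
pub fn is_safe_to_paste(text: &str) -> bool {
    scan_paste(text).is_empty()
}
```

Whether a bare newline should also be flagged when bracketed paste is not active is a separate decision; this scan deliberately lets ordinary multi-line text through and only reports bytes that are never legitimate paste content.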
CVE-2025-60646
A stored cross-site scripting (XSS) vulnerability in the Business Line Management module of Xxl-api v1.3.0 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Name parameter...
EUVD-2020-18065
Malware in sbrugna...
EUVD-2023-36261
Malicious code in bioql PyPI...
CVE-2024-45932
Krayin CRM v1.3.0 is vulnerable to cross-site scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2...
CVE-2024-35540
A stored cross-site scripting XSS vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-35540
Typecho 1.3.0 (and earlier) is affected by a stored XSS vulnerability in the post writing/preview flow (CVE-2024-35540). An attacker with post writing privileges can inject arbitrary JavaScript/HTML via a crafted payload, potentially compromising user sessions or data. Evidence across multiple so...
CVE-2024-35539
Typecho v1.3.0 was discovered to contain a race condition in the post commenting function. It allows attackers to post several comments before the spam protection checks whether comments are being posted too frequently...
CVE-2024-35538
Typecho v1.3.0 was discovered to contain a client IP spoofing vulnerability, which allows attackers to falsify their IP address by supplying an arbitrary IP as the value of the X-Forwarded-For or Client-Ip header in HTTP requests...
CVE-2024-35539
CVE-2024-35539 concerns Typecho v1.3.0, where a race condition in the post commenting function lets an attacker post multiple comments before spam-protection checks if made rapidly. Affected component: post commenting feature in Typecho 1.3.0. Reported impact per sources includes potential bypass...
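The Typecho client IP spoofing entries (CVE-2024-35538) describe the usual root cause: the application reads X-Forwarded-For or Client-Ip without asking whether the connecting peer is a proxy it operates. The following is an added illustration, not Typecho code; the proxy addresses and the header-walking policy are assumptions made here. It places the naive lookup beside a version that only honours the header when the TCP peer is a known proxy and then takes the rightmost hop not added by one of those proxies.

```rust
// Added illustration for the Typecho client IP spoofing entry; not Typecho
// code. The proxy addresses and the header policy are assumptions made here.
use std::net::IpAddr;

/// Reverse proxies we operate. Only hops these proxies append are believed.
pub const TRUSTED_PROXIES: &[&str] = &["10.0.0.5", "10.0.0.6"];

fn is_trusted_proxy(ip: IpAddr) -> bool {
    TRUSTED_PROXIES
        .iter()
        .any(|p| p.parse::<IpAddr>().ok() == Some(ip))
}

/// Vulnerable pattern: take the first X-Forwarded-For entry at face value.
/// Any client can put an arbitrary address there, which is what the advisory
/// describes for both X-Forwarded-For and Client-Ip.
pub fn client_ip_naive(peer: IpAddr, xff: Option<&str>) -> IpAddr {
    xff.and_then(|h| h.split(',').next())
        .and_then(|s| s.trim().parse().ok())
        .unwrap_or(peer)
}

/// Hardened: if the TCP peer is not one of our proxies the header is ignored
/// entirely. Otherwise walk the chain from the right (the end our proxies
/// append to) and skip trusted hops; the first untrusted one is the client.
/// An unparseable entry is treated as tampering and falls back to the peer.
pub fn client_ip_checked(peer: IpAddr, xff: Option<&str>) -> IpAddr {
    if !is_trusted_proxy(peer) {
        return peer;
    }
    let header = match xff {
        Some(h) => h,
        None => return peer,
    };
    let hops: Result<Vec<IpAddr>, _> = header
        .split(',')
        .map(|s| s.trim().parse::<IpAddr>())
        .collect();
    let hops = match hops {
        Ok(h) => h,
        Err(_) => return peer,
    };
    hops.into_iter()
        .rev()
        .find(|&ip| !is_trusted_proxy(ip))
        .unwrap_or(peer)
}
```

The same rule applies to Client-Ip, X-Real-IP and similar headers: consult only the header your own proxy is configured to set, and have that proxy overwrite rather than append it if you want a single-valued field.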