1738 matches found
Malicious code in okta-template-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa63c053c0856df8269f5f2fed7960e203427d897b1fccc26acdfbaf8108cbc9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5944 Malicious code in okta-template-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa63c053c0856df8269f5f2fed7960e203427d897b1fccc26acdfbaf8108cbc9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
hibernate-validator: Hibernate Validator Expression Language Injection
A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language...
Denial Of Service (DoS)
github.com/babylonlabs-io/babylon is vulnerable to Denial Of Service (DoS). The vulnerability is due to sending a message that modifies the validator set exactly at the epoch boundary, which allows an attacker to halt the blockchain by disrupting consensus progression...
Integer Overflow
github.com/cosmos/cosmos-sdk is vulnerable to Integer Overflow. The vulnerability is due to a malicious validator being able to deposit values that trigger an overflow in the Validator Rewards pool, potentially halting the blockchain...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via DepositValidatorRewardsPool. An attacker can cause a chain halt by introducing an overflow condition through a crafted malicious deposit into the Validator Rewards pool when full. Details Denial of...
GHSA-P22H-3M2V-CMGH Cosmos SDK's Integer Overflow vulnerability in its Validator Rewards pool can cause a chain halt
Description Name: ISA-2025-005: Integer Overflow in Cosmos SDK Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: = v0.50.13, = 0.53.2 Affected users: Validators, Full nodes, Users on chains that utilize the distribution module Cosmos SDK...
Cosmos SDK's Integer Overflow vulnerability in its Validator Rewards pool can cause a chain halt
Description Name: ISA-2025-005: Integer Overflow in Cosmos SDK Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: = v0.50.13, = 0.53.2 Affected users: Validators, Full nodes, Users on chains that utilize the distribution module Cosmos SDK...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the validator set modification process at the epoch boundary. An attacker can cause the chain to halt by sending a message that alters the validator set during this critical...
GHSA-RJ53-J6JW-7F7G Babylon vulnerable to chain halt when a message modifies the validator set at the epoch boundary
Summary Sending a message that modifies the validator set at the epoch boundary halts the chain. Impact Denial of Service - Cosmos-sdk prevents modifying the validator set from two different modules - https://github.com/cosmos/cosmos-sdk/blob/release/v0.50.x/types/module/module.go#L811. Such an...
Babylon vulnerable to chain halt when a message modifies the validator set at the epoch boundary
Summary Sending a message that modifies the validator set at the epoch boundary halts the chain. Impact Denial of Service - Cosmos-sdk prevents modifying the validator set from two different modules - https://github.com/cosmos/cosmos-sdk/blob/release/v0.50.x/types/module/module.go#L811. Such an...
PT-2025-30107 · Go · Github.Com/Babylonlabs-Io/Babylon/V2
Summary Sending a message that modifies the validator set at the epoch boundary halts the chain. Impact Denial of Service - Cosmos-sdk prevents modifying the validator set from two different modules - https://github.com/cosmos/cosmos-sdk/blob/release/v0.50.x/types/module/module.go#L811. Such an...
A vulnerability in the validator component of the Symfony software development and web application management platform allows an attacker to access confidential data.
A vulnerability in the validator component of the Symfony software development and management platform stems from insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to confidential data...
Malicious code in byaziine_validator (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f12a2c76230f3f02e4f5f0e1b7124c3fcdafddd9b28e6083e61b3c2a92f96eb Any computer that has this package installed or running should be considered...
EAP: wildfly-elytron has a SSRF security issue
A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerabili...