MAL-2026-4553 Malicious code in ethers-wallet-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6dae6dc459fa2ef437e532af4b27b6c50360a40cdb9d91563d25a48bae88cec Package name impersonates the official @ethersproject/wallet, and package.json spoofs the ethers.js maintainer identity author 'Richard Moore '. The...

GHSA-56R6-CCM5-8HG3 Alchemy Non-SMA and Webauthn Account Security Advisory

Impact A potential security issue has been mitigated on old account deployment functions from the factory. Smart wallets in use on all existing supported networks are not impacted. Patches Please direct creation of new wallets to either createSemiModularAccount on AccountFactory.sol or...

SmartAccount wallet creation can be backdoored

Lines of code Vulnerability details At wallet creation time, an attacker can temporarily swap the address of the entrypoint to install a backdoor in the form of a registered module in the wallet. Since wallets don't necessarily need to be created by their owners, an attacker can frontrun the wall...

CVE-2019-13098

The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 Jel...