Malicious code in python-requirements (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 40fa77c47c3649fce85f601f8aa10bf13674e5db4a2d35f125cb48b77d65f99d The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...

CVE-2024-34704

era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the DAGCombine phase while visiting the XOR operation. The issue arises when attempting to fold the expression !x cc y into x !cc y. To perform this transformation, the second operand o...

EUVD-2024-34999

Malicious code in bioql PyPI...

EUVD-2024-41287

Malicious code in bioql PyPI...

EUVD-2024-35250

Malicious code in bioql PyPI...

CVE-2024-38533

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0...

CVE-2024-35229

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern fa,b; checkifaexecutedlast in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...

MAL-2025-3777 Malicious code in zksync-root (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0af13565b82b48cb80a58f21db293bbef9f5ef83e1c4fdcf67534110215bab9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in zksync-root (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0af13565b82b48cb80a58f21db293bbef9f5ef83e1c4fdcf67534110215bab9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-45056

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

ZKsync Era 安全漏洞

ZKsync Era is an open source compiler from Matter Labs. A security vulnerability exists in versions of ZKsync Era prior to 1.5.3, which stems from LLVM mishandling of specific instructions during optimization, resulting in a numeric expansion error that affects contract execution on EraVM...

CVE-2024-38533

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0...

CVE-2024-38533

The CVE-2024-38533 entry concerns ZKsync Era, a Layer 2 rollup for Ethereum. The issue is an invalid stack access caused by addresses used to access the stack not being properly converted to cells. Affected versions are prior to 1.5.0; the vulnerability is mitigated by upgrading to version 1.5.0....

CVE-2024-38533 ZKsync Era invalid stack addressing conversion

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0...

CVE-2024-38533 ZKsync Era invalid stack addressing conversion

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0...

CVE-2024-38533 ZKsync Era invalid stack addressing conversion

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0...

PT-2024-28059 · Unknown · Zksync Era

Name of the Vulnerable Software and Affected Versions: ZKsync Era versions prior to 1.5.0 Description: ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. The issue arises from possible invalid stack access due to the addresses used to access the stack not properly...