| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34300 | Oracle PeopleSoft Enterprise FIN Contracts security vulnerability | Oracle Corporation | PeopleSoft Enterprise FIN Contracts | Medium | 6.5 | 2026-04-21 20:35:31 | Deep Dive |
| CVE-2026-28410 | The Graph: Revocable vesting contracts allows early access to locked tokens | graphprotocol | contracts | Medium | - | 2026-03-05 20:11:54 | Deep Dive |
| CVE-2026-22866 | ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation | ensdomains | ens-contracts | - | - | 2026-02-25 15:47:16 | Deep Dive |
| CVE-2025-54070 | OpenZeppelin Contracts's Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers | OpenZeppelin | openzeppelin-contracts | - | - | 2025-07-17 18:25:02 | Deep Dive |
| CVE-2024-21280 | Oracle E-Business Suite security vulnerability | Oracle Corporation | Oracle Service Contracts | High | 8.1 | 2024-10-15 19:53:02 | Deep Dive |
| CVE-2024-45304 | OwnableTwoStep allows a pending owner to accept ownership after the original owner has renounced ownership in cairo-contracts | OpenZeppelin | cairo-contracts | Medium | 5.3 | 2024-08-30 23:51:01 | Deep Dive |
| CVE-2024-27094 | OpenZeppelin Contracts base64 encoding may read from potentially dirty memory | OpenZeppelin | openzeppelin-contracts | Medium | 6.5 | 2024-02-29 18:18:25 | Deep Dive |
| CVE-2019-25157 | Ethex Contracts Monthly Jackpot EthexJackpot.sol access control | Ethex | Contracts | Medium | 4.3 | 2023-12-19 02:00:06 | Deep Dive |
| CVE-2023-49798 | Duplicated execution of subcalls in OpenZeppelin Contracts | OpenZeppelin | openzeppelin-contracts | Medium | 5.9 | 2023-12-08 23:35:24 | Deep Dive |
| CVE-2023-40625 | Missing Authorization check in SAP Manage Purchase Contracts App | SAP_SE | SAP Manage Purchase Contracts App | Medium | 5.4 | 2023-09-12 02:00:14 | Deep Dive |
| CVE-2023-40014 | OpenZeppelin Contracts's ERC2771Context with custom forwarder may lead to zero-valued _msgSender | OpenZeppelin | openzeppelin-contracts | Medium | 5.3 | 2023-08-10 19:52:56 | Deep Dive |
| CVE-2023-38698 | .eth registrar controller can shorten the duration of registered names | ensdomains | ens-contracts | Medium | 4.9 | 2023-08-04 17:41:14 | Deep Dive |
| CVE-2023-34459 | OpenZeppelin Contracts's MerkleProof multiproofs may allow proving arbitrary leaves for specific trees | OpenZeppelin | openzeppelin-contracts | Medium | 5.3 | 2023-06-16 22:13:18 | Deep Dive |
| CVE-2023-34234 | Governor proposal creation may be blocked by frontrunning in OpenZeppelin | OpenZeppelin | openzeppelin-contracts | Medium | 5.3 | 2023-06-07 17:06:10 | Deep Dive |
| CVE-2023-30541 | TransparentUpgradeableProxy clashing selector calls may not be delegated in @openzeppelin/contracts | OpenZeppelin | openzeppelin-contracts | Medium | 5.3 | 2023-04-17 21:37:29 | Deep Dive |
| CVE-2023-30542 | GovernorCompatibilityBravo may trim proposal calldata | OpenZeppelin | openzeppelin-contracts | Medium | 6.8 | 2023-04-16 07:10:13 | Deep Dive |
| CVE-2023-26488 | OpenZeppelin Contracts contains Incorrect Calculation | OpenZeppelin | openzeppelin-contracts | Medium | 6.5 | 2023-03-03 21:08:35 | Deep Dive |
| CVE-2023-23940 | OpenZeppelin Contracts for Cairo is vulnerable to signature validation bypass | OpenZeppelin | cairo-contracts | Medium | 6.4 | 2023-02-03 19:43:11 | Deep Dive |
| CVE-2022-39384 | OpenZeppelin Contracts initializer reentrancy may lead to double initialization | OpenZeppelin | openzeppelin-contracts | Medium | 5.6 | 2022-11-04 00:00:00 | Deep Dive |
| CVE-2022-35961 | ECDSA signature malleability in OpenZeppelin Contracts | OpenZeppelin | openzeppelin-contracts | High | 7.9 | 2022-08-14 00:05:09 | Deep Dive |