github.com/usememos/memos is vulnerable to Server-Side Request Forgery. The vulnerability exists due to improper input validation at the /o/get/image endpoint, allowing unauthenticated users to manipulate server-side requests and retrieve images from the internal network and also leads to a...
6.1 AI Score
0.001 EPSS
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current.....
6.1 CVSS
6.4 AI Score
0.001 EPSS
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current.....
6 AI Score
0.001 EPSS
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping....
6.4 CVSS
6.1 AI Score
0.0004 EPSS
vie-d-oc.fr Cross Site Scripting vulnerability OBB-3913841
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticated attackers to...
8.8 CVSS
6.7 AI Score
0.0004 EPSS
eva-klein.de Cross Site Scripting vulnerability OBB-3908252
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrusted input in the awl_modal_popup_box_shortcode function. This makes it possible for authenticated...
8.8 CVSS
7.6 AI Score
0.0004 EPSS
The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....
6.4 CVSS
6.1 AI Score
0.0004 EPSS
vie-animale.com Cross Site Scripting vulnerability OBB-3882912
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Tensorflow is an Open Source Machine Learning Framework. The implementation of StringNGrams can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on pad_width and that results in computing a negative value for.....
6.7 AI Score
0.002 EPSS
Nginx-UI is vulnerable to Arbitrary Command Execution. The vulnerability is due to improper handling of start_cmd setting. This issue can be exploited by an attacker by modifying start_cmd setting to execute arbitrary...
7.5 AI Score
0.003 EPSS
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The Home > Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. While the UI doesn...
7.1 AI Score
0.003 EPSS
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The Home > Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. While the UI doesn...
8.8 CVSS
7.6 AI Score
0.003 EPSS
Summary Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. Details The Home > Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. Th...
8.2 AI Score
0.003 EPSS
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The Home > Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. While the UI does....
8.8 CVSS
7.6 AI Score
0.003 EPSS
A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been.....
9.8 CVSS
7.9 AI Score
0.001 EPSS
A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been.....
9.8 CVSS
7.7 AI Score
0.001 EPSS
CVE-2024-0357 coderd-repos Eva HTTP POST Request page sql injection
A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been.....
9.9 AI Score
0.001 EPSS
Delegation to address(0) causes permanent loss of voting power
Lines of code https://github.com/code-423n4/2023-12-revolutionprotocol/blob/main/packages/revolution/src/NontransferableERC20Votes.sol#L29 https://github.com/code-423n4/2023-12-revolutionprotocol/blob/main/packages/revolution/src/base/erc20/ERC20VotesUpgradeable.sol#L24 Vulnerability details...
7 AI Score
Lines of code Vulnerability details Impact Oracle unavailable for up to 1 hour, which could lead to positions going underwater and being liquidated when it becomes live again, without users having the chance to repay/collateralize. Proof of Concept The airnode code has a note concerning this...
7.1 AI Score
eva-weingaertner.de Improper Access Control vulnerability OBB-3816736
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7 AI Score
eva-repschlaeger.de Improper Access Control vulnerability OBB-3816735
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7 AI Score
JSON Web Token (JWT) Algorithm Confusion
fast-jwt is vulnerable to JWT Algorithm Confusion. The vulnerability is caused by a missing validation on publicKeyPemMatcher constant defined in fast-jwt/src/crypto.js which is used to match all common PEM formats for public keys. An attacker can craft a malicious JWT token utilizing the HS256...
7 AI Score
0.001 EPSS
Summary The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. Details The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a...
6.8 AI Score
0.001 EPSS
Summary The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. Details The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a...
6 AI Score
0.001 EPSS
fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys.....
5.7 AI Score
0.001 EPSS
fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys.....
5.9 CVSS
7.3 AI Score
0.001 EPSS
Max withdrawable calculation is incorrect in asD contract
Lines of code Vulnerability details Summary The implementation of the max withdrawable amount is incorrect as it divides the calculation by the wrong denominator, leading to an incorrect result and a potential denial of service due to an overflow. Impact In the Application Specific Dollar...
7.4 AI Score
Lines of code Vulnerability details Impact Any collections making use of the ChainLink VRF2 randomizer could potentially get 0x0 hashes for their nfts. Due to uint32 public callbackGasLimit = 40000; being hardcoded, any gas fluctuations on Ethereum mainnet could potentially not be enough for the....
7 AI Score
Lines of code Vulnerability details Pre-requisite knowledge & an overview of the features in question The AddPartyCardsAuthority contract: The AddPartyCardsAuthority contract is a contract designed to be integrated into a Party and it has only one purpose, and it is to mint new party governance...
7.4 AI Score
eva-temple.de Improper Access Control vulnerability OBB-3770378
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.9 AI Score
The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
5.4 CVSS
6.2 AI Score
0.0004 EPSS
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those...
8.8 CVSS
8.4 AI Score
0.001 EPSS
Lines of code Vulnerability details Summary In the withdraw function of USDeSilo.sol there is one call to the ERC20 transfer function on the USDe token. Its return value is neither checked nor is safeTransfer of SafeERC20 used, so whenever the transfer fails it will not revert, and results in wrong...
7.2 AI Score
eva-weingaertner.de Improper Access Control vulnerability OBB-3766921
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.6 AI Score
Interest accumulation linked to state updates may leak value
Lines of code Vulnerability details Impact The protocol compounds interest on every call that updates the state. This is an intentional design choice. However, this does mean that the total return for the lender, and, conversely, the cost of debt for the borrower, can be influenced by the...
7 AI Score
ERC20 tokens can be incorrectly burnt because of insufficient validation
Lines of code https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/WildcatSanctionsEscrow.sol#L16-L19 https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/WildcatSanctionsEscrow.sol#L33-L42 Vulnerability details.....
7 AI Score
eva-zoellner.de Cross Site Scripting vulnerability OBB-3755528
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1 AI Score
Lack of validation allows invalid ticks, impacting data integrity.
Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L29-L31...
7 AI Score
Missing slippage control when directly interacting with the VotiumStrategy contract
Lines of code https://github.com/code-423n4/2023-09-asymmetry/blob/main/contracts/strategies/votium/VotiumStrategy.sol#L109 Vulnerability details Summary Direct deposits and withdrawals within VotiumStrategy lack any slippage controls, which opens up the possibility of sandwich attacks and Miner...
7.1 AI Score
Overview of IoT threats in 2023
IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. Statista portal predicts their number will exceed 29 billion by 2030. As connected device numbers increase, so does the need for protection against various threats. The first-ever large-scale malware attacks.....
9.1 CVSS
8.1 AI Score
0.393 EPSS
eva-moertenhuber.at Cross Site Scripting vulnerability OBB-3693269
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1 AI Score
Lines of code https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/release-v4.9/contracts/governance/GovernorUpgradeable.sol#L502-L516 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/release-v4.9/contracts/governance/GovernorUpgradeable.sol#L521-L545...
6.8 AI Score
github.com/ansible-semaphore/semaphore is vulnerable to Arbitrary Code Injection. The vulnerability exists in makeCmd function at AnsiblePlaybook.go which allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables...
7.8 AI Score
0.001 EPSS
vie-d-oc.fr Cross Site Scripting vulnerability OBB-3576408
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1 AI Score
Missing __Governor_init() call in SecurityCouncilMemberRemovalGovernor's initialize() function
Lines of code Vulnerability details Bug Description The SecurityCouncilMemberRemovalGovernor contract inherits Openzeppelin's GovernorUpgradeable: SecurityCouncilMemberRemovalGovernor.sol#L17-L19 contract SecurityCouncilMemberRemovalGovernor is Initializable, GovernorUpgradeable, However,...
6.8 AI Score
If the length of the owners array in the safe is too large, the call may experience an out-of-gas revert
Lines of code Vulnerability details Proof of Concept Function requireSafesEquivalent() in SecurityCouncilMgmtUpgradeLib.sol checks whether the addresses in the two safe arrays are the same and of the same length. If the arrays are too large, like there are many addresses that manage a gnosis...
6.7 AI Score
Lines of code https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/FixedOracle.sol#L29-L45 Vulnerability details Impact Oracle data feed is insufficiently validated. There is no check for stale price and round completeness. Price can be stale and can lead to wrong price...
6.8 AI Score
Lines of code https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/RoeRouter.sol#L23-L29 Vulnerability details Impact The PositionManager.getPoolAddresses function is used to get the important address details of the RoePool to be used in the critical function executions of the...
7 AI Score