TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...
5.5CVSS
6.7AI Score
0.0004EPSS
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.SparseReshape can be made to trigger an integral division by 0 exception. The implementation calls the reshaping functor whenever there is at least an index in the input but....
5.5CVSS
6.7AI Score
0.0004EPSS
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by using negative arguments. The implementation does not validate that num_streams only contains non-negative...
5.5CVSS
6.5AI Score
0.0004EPSS
Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2023-1905 Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability February 15, 2024 CVE Number CVE-2024-20735 SUMMARY An out-of-bounds read vulnerability exists in the font file processing functionality of Adobe Acrobat Reader...
5.5CVSS
6.8AI Score
0.001EPSS
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with.....
6.4CVSS
5.6AI Score
0.001EPSS
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with.....
5.4CVSS
5.7AI Score
0.001EPSS
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with.....
6.4CVSS
5.8AI Score
0.001EPSS
7.1AI Score
Replay Attack because EIP712 DOMAIN_SEPARATOR stored as immutable
Lines of code https://github.com/code-423n4/2023-11-shellprotocol/blob/485de7383cdf88284ee6bcf2926fb7c19e9fb257/src/ocean/ERC1155PermitSignatureExtension.sol#L40 https://github.com/code-423n4/2023-11-shellprotocol/blob/main/src/ocean/OceanERC1155.sol#L36-L39...
6.8AI Score
Cueing up a calculator: an introduction to exploit development on Linux
In this follow-up to my previous blog post, I'll explain how to exploit CVE-2023-43641 (a memory corruption vulnerability in libcue) to create a reliable 1-click RCE on Ubuntu 23.04 and Fedora 38. I have also published the source code of the proof of concept. To quickly recap the previous blog...
8.8CVSS
8.1AI Score
0.014EPSS
Securing our home labs: Home Assistant code review
Introduction In July, the GitHub Security Lab team conducted a collaborative review of one of our favorite software pieces. While it's not uncommon for our Security Lab researchers to work together on audits and research projects, we found that conducting team audits occasionally provides a...
9CVSS
8.1AI Score
0.001EPSS
7.1AI Score
Uptime Kuma Authenticated remote code execution via TailscalePing
Summary The runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell command, leading to a command injection and the possibility to run arbitrary commands on the server. Details When adding a new monitor on Uptime Kuma, we can select the "Tailscale Ping"...
8.2AI Score
GitLab: Stored-XSS injected in Wiki page via Banzai pipeline
Hello, I found a vulnerability in AbstractReferenceFilter class that can be exploited to inject any HTML elements leading to stored-XSS. Reproduce Create a new project. Go to its Wikis, Create your first page button, then fill the form: Title: _sidear Content: please see in _sidebar.md attached...
7.1AI Score
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of...
5.3CVSS
5.6AI Score
0.001EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of...
5.3CVSS
0.001EPSS
Shares Manipulation DoS Vulnerability in StakedUSDe
Lines of code https://github.com/code-423n4/2023-10-ethena/blob/main/contracts/StakedUSDe.sol#L190-L194 https://github.com/code-423n4/2023-10-ethena/blob/main/contracts/StakedUSDe.sol#L225-L239 Vulnerability details Impact The StakedUSDe contract is vulnerable to manipulation by a malicious actor,....
6.9AI Score
The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.2AI Score
0.001EPSS
The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
5.4CVSS
5.7AI Score
0.001EPSS
The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.8AI Score
0.001EPSS
Updating safeManager reference in Vault721 will brick transfer of safes
Lines of code Vulnerability details Impact Updating safeManager reference in Vault721 will brick safe transfers since the state of the new ODSafeManager instance won't have corresponding data. In addition, it is not clear how it would be possible to achieve seamless migration as particular...
7AI Score
The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above,...
5.4CVSS
5.7AI Score
0.0005EPSS
The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above,...
6.4CVSS
5.3AI Score
0.0005EPSS
The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above,...
6.4CVSS
5.9AI Score
0.0005EPSS
The WalletRegistry.sol#registerWallet() function can be used to register wallet by anyone.
Lines of code Vulnerability details Impact Anyone can register wallet allowing anyone to set the iswallet[msg.sender] to true for themselves allowing them to exploit other functions. Proof of Concept From the comment on the registerWallet() function below, the registerWallet() function Can only be....
7AI Score
The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
5.5CVSS
4.5AI Score
0.0004EPSS
The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
5.5CVSS
5.3AI Score
0.0004EPSS
The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
4.4CVSS
5.3AI Score
0.0004EPSS
Hash Collisions and Front-Running Risk
Lines of code https://github.com/code-423n4/2023-10-ens/blob/ed47c841a19abd26681110a26ef03c446da2b6dd/contracts/ERC20MultiDelegate.sol#L15-L20 Vulnerability details https://github.com/code-423n4/2023-10-ens/blob/ed47c841a19abd26681110a26ef03c446da2b6dd/contracts/ERC20MultiDelegate.sol#L15-L20 ...
7.1AI Score
ENS (ERC20Votes) token transferred to the proxy contract will be lost forever.
Lines of code https://github.com/code-423n4/2023-10-ens/blob/ed25379c06e42c8218eb1e80e141412496950685/contracts/ERC20MultiDelegate.sol#L110-L112 Vulnerability details Impact ENS (ERC20Votes) token transferred to the proxy contract will be lost forever. As delegation amount is out of sync with the.....
7AI Score
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The ERC20ProxyDelegator constructor appears to be used for delegating voting rights to a delegate by allowing them to call the delegate function of an ERC20Votes contract. To secure this function, you...
7AI Score
Lines of code Vulnerability details MarketSequencer.initCurve() can call LiquidityMining.initTickTracking() any number of times, because there is no restriction for reinitialization. As stated in the comment section, putting the caller in charge of not reinitializing can lead to an unintentional...
7AI Score
Lack of tick range validation allows initialization of invalid ticks.
Lines of code Vulnerability details Impact Function initTickTracking initializes the tick tracking data structure, but does not validate that tick is within the min/max tick range for the pool. This could allow initializing invalid tick values. Proof of Concept Here is the line in initTickTracking....
6.8AI Score
Existing pools will be bricked due to uninitialized state
Lines of code Vulnerability details Existing pools will be bricked due to uninitialized Summary Pools already present in the exchange will be bricked when crossTicks() is called with an uninitialized tickTracking_ storage, which will trigger an array out of bounds error. Impact New pools in the...
7.3AI Score
BLOCKS_PER_YEAR in Prime.sol should vary depending on leap and non-leap year
Lines of code https://github.com/code-423n4/2023-09-venus/blob/b11d9ef9db8237678567e66759003138f2368d23/contracts/Tokens/Prime/Prime.sol#L109 https://github.com/code-423n4/2023-09-venus/blob/b11d9ef9db8237678567e66759003138f2368d23/contracts/Tokens/Prime/Prime.sol#L974...
7.2AI Score
Incorrect initialization of rUSDY.sol
Lines of code Vulnerability details Impact rUSDY.sol contract inherits PausableUpgradeable contract but does not invoke its initializers during its own initialization. Due to which the state of PausableUpgradeable contract remains uninitialized. File: contracts/usdy/rUSDY.sol contract rUSDY is ...
6.9AI Score
mlc-it.org Cross Site Scripting vulnerability OBB-3573849
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
The project's reputation and user funds can be affected if a clear invariant is not met
Lines of code Vulnerability details Vulnerability details Impact The protocol may not work as expected in years that are not 365 days long, which could lead to a loss of confidence in the protocol. In fact, the next year is one of those years (leap year). Furthermore, defining it as a constant in.....
6.7AI Score
Lines of code https://github.com/code-423n4/2023-07-axelar/blob/main/contracts/gmp-sdk/upgradable/Upgradable.sol#L78-L80 https://github.com/code-423n4/2023-07-axelar/blob/main/contracts/gmp-sdk/upgradable/Proxy.sol#L40-L43 Vulnerability details Impact The Upgradeable.onlyProxy modifier is used to.....
7AI Score
newer tx can remain unapproved due to previous tx not passing
Lines of code Vulnerability details Impact Newer transaction will not get approved because previous ones have not been approved or rejected Proof of Concept Let's say two out of 3 addresses sign a transaction which requires 3 signers then after some time the 3 now sign another transaction it won't....
7AI Score
Storage collision risk in NounsDAOProxy contracts
Lines of code https://github.com/nounsDAO/nouns-monorepo/blob/718211e063d511eeda1084710f6a682955e80dcb/packages/nouns-contracts/contracts/governance/NounsDAOProxyV2.sol#L43...
6.9AI Score
Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG
Antlers sanitizer cannot effectively sanitize malicious SVG Summary The SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform XSS attacks using SVG, even when using the sanitize function. Details Regarding the previous discussion mentioned here,.....
5.5CVSS
6.6AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary...
9.6CVSS
8.4AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary...
9.6CVSS
8.6AI Score
0.001EPSS
statamic/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in the index function at Svg.php because the SVG tag does not sanitize malicious SVG which allows an attacker to inject and execute arbitrary...
5.5CVSS
6.5AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary...
8.7AI Score
0.001EPSS
Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the sanitize function. Version....
5.5CVSS
5.2AI Score
0.001EPSS