Mako (the sqlalchemy/mako templating library) before 1.2.2 is vulnerable to regular expression denial of service (ReDoS) when the Lexer class is used to parse. This also affects babelplugin and...
7.7AI Score
0.002EPSS
Mako (the sqlalchemy/mako templating library) before 1.2.2 is vulnerable to regular expression denial of service (ReDoS) when the Lexer class is used to parse. This also affects babelplugin and...
7.5CVSS
7.2AI Score
0.002EPSS
[H1] Some admin functions are unusable because of misuse of variables in upgradeable contracts
Lines of code https://github.com/code-423n4/2022-08-foundation/blob/792e00df429b0df9ee5d909a0a5a6e72bd07cf79/contracts/NFTCollectionFactory.sol#L181-L185 https://github.com/code-423n4/2022-08-foundation/blob/792e00df429b0df9ee5d909a0a5a6e72bd07cf79/contracts/mixins/shared/ContractFactory.sol#L19...
6.8AI Score
Blocklist contract lacks an unblock mechanism
Lines of code Vulnerability details Impact In Blocklist contract, the manager can block a contract from accessing VotingEscrow by calling the block function. If the manager calls the block function on a contract due to some misunderstanding, the manager cannot resume the contract's access to...
6.8AI Score
Users can create an un-bannable contract
Lines of code https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/features/Blocklist.sol#L23 Vulnerability details Impact Users can create an un-bannable contract by working from a contract's constructor and then self-destructing on each...
6.9AI Score
Overwriting storage slots in MIMOProxy
Lines of code https://github.com/code-423n4/2022-08-mimo/blob/main/contracts/proxy/MIMOProxy.sol#L19 Vulnerability details Impact The MIMOProxy allows the owner to delegate a call to another contract. With a delegatecall, the entire storage layout is kept the same as it is on....
6.7AI Score
Malicious targets can manipulate MIMOProxy permissions
Lines of code https://github.com/code-423n4/2022-08-mimo/blob/eb1a5016b69f72bc1e4fd3600a65e908bd228f13/contracts/proxy/MIMOProxy.sol#L55-L64 Vulnerability details The MIMOProxy contract stores per-caller, per-target, per-selector permissions in a nested internal mapping. MIMOProxy.sol#L21: ///...
7AI Score
Malicious manipulation of gas reserve can deny access to MIMOProxy
Lines of code https://github.com/code-423n4/2022-08-mimo/blob/eb1a5016b69f72bc1e4fd3600a65e908bd228f13/contracts/proxy/MIMOProxy.sol#L74-L79 Vulnerability details The MIMOProxy contract defines a minGasReserve value as a storage variable: MIMOProxy.sol#L18: /// @inheritdoc IMIMOProxy uint256...
6.9AI Score
minGasReserve of MIMOProxy can be overwritten
Lines of code https://github.com/code-423n4/2022-08-mimo/blob/9adf46f2efc61898247c719f2f948b41d5d62bbe/contracts/proxy/MIMOProxy.sol#L82 Vulnerability details Impact While there is a check that owner is not changed in a delegatecall, such a check is missing for minGasReserve, which means that the.....
6.9AI Score
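The three MIMOProxy findings above share one root cause: a delegatecall target executes with the proxy's storage, so whatever slots the target writes are the proxy's slots. The following is an added example, not the MIMOProxy source; the layout (minGasReserve in slot 0, owner in slot 1, a nested permissions mapping in slot 2) and all names are hypothetical, chosen only to show how one permitted selector on a hostile target rewrites owner and minGasReserve, and how a snapshot-and-compare check catches the scalar overwrites. The mapping cannot be protected the same way, which is why delegatecall targets must remain trusted code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example; not the MIMOProxy source. Layout and names are hypothetical.
contract PermissionedProxy {
    uint256 public minGasReserve;                                                         // slot 0
    address public owner;                                                                 // slot 1
    mapping(address => mapping(address => mapping(bytes4 => bool))) public permissions;  // slot 2

    constructor() {
        owner = msg.sender;
        minGasReserve = 5_000;
    }

    function setPermission(address envoy, address target, bytes4 selector, bool allowed) external {
        require(msg.sender == owner, "not owner");
        permissions[envoy][target][selector] = allowed;
    }

    // Vulnerable: the target runs with this contract's storage, so any slot it writes is ours.
    function execute(address target, bytes calldata data) external payable returns (bytes memory) {
        bytes4 selector = bytes4(data[:4]);
        require(msg.sender == owner || permissions[msg.sender][target][selector], "not allowed");
        (bool ok, bytes memory ret) = target.delegatecall(data);
        require(ok, "delegatecall failed");
        return ret;
    }
}

// A target whose first slots line up with the proxy's. One permitted selector is enough for the
// envoy to rewrite owner, minGasReserve, and (through keccak-derived slots) the permission map.
contract MaliciousTarget {
    uint256 public minGasReserve;                                                         // proxy slot 0
    address public owner;                                                                 // proxy slot 1
    mapping(address => mapping(address => mapping(bytes4 => bool))) public permissions;  // proxy slot 2

    function doWork() external {
        minGasReserve = type(uint256).max;   // any later gas-reserve check reverts: denial of service
        owner = msg.sender;                  // the envoy is now the owner
        permissions[msg.sender][address(this)][this.doWork.selector] = true;
    }
}

// Hardened: snapshot the protected scalar slots and refuse the call if the target touched them.
// A mapping cannot be snapshotted this way; targets must still be trusted code.
contract HardenedProxy {
    uint256 public minGasReserve;
    address public owner;
    mapping(address => mapping(address => mapping(bytes4 => bool))) public permissions;

    constructor() {
        owner = msg.sender;
        minGasReserve = 5_000;
    }

    function setPermission(address envoy, address target, bytes4 selector, bool allowed) external {
        require(msg.sender == owner, "not owner");
        permissions[envoy][target][selector] = allowed;
    }

    function execute(address target, bytes calldata data) external payable returns (bytes memory) {
        bytes4 selector = bytes4(data[:4]);
        require(msg.sender == owner || permissions[msg.sender][target][selector], "not allowed");
        address ownerBefore = owner;
        uint256 reserveBefore = minGasReserve;
        (bool ok, bytes memory ret) = target.delegatecall(data);
        require(ok, "delegatecall failed");
        require(owner == ownerBefore, "owner overwritten");
        require(minGasReserve == reserveBefore, "minGasReserve overwritten");
        return ret;
    }
}
```

To reproduce the scenario, the owner grants an envoy permission for `MaliciousTarget.doWork.selector` on `PermissionedProxy`; after the envoy calls `execute(target, abi.encodeCall(MaliciousTarget.doWork, ()))`, `owner()` returns the envoy and `minGasReserve()` returns `type(uint256).max`. The same call through `HardenedProxy` reverts with "owner overwritten".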
Lines of code https://github.com/code-423n4/2022-08-rigor/blob/f2498c86dbd0e265f82ec76d9ec576442e896a87/contracts/HomeFi.sol#L27-L32 https://github.com/code-423n4/2022-08-rigor/blob/e35f5f61be9ff4b8dc5153e313419ac42964d1fd/contracts/ProjectFactory.sol#L16-L20...
6.7AI Score
Lack of storage gap for upgradable contracts
Lines of code https://github.com/code-423n4/2022-08-rigor/blob/main/contracts/DebtToken.sol#L11 https://github.com/code-423n4/2022-08-rigor/blob/main/contracts/Disputes.sol#L17 https://github.com/code-423n4/2022-08-rigor/blob/main/contracts/HomeFi.sol#L27...
6.8AI Score
No storage gap for Upgradable contract might lead to storage slot collision
Lines of code https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/ProjectFactory.sol#L19 https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/HomeFiProxy.sol#L14...
6.9AI Score
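The three 2022-08-rigor findings above are the same issue: a base contract that is inherited by upgradeable children and has no reserved storage gap cannot gain a new state variable without shifting every child's variables by one slot. The following is an added example, not code from the rigor repository; all contract and variable names are hypothetical. It shows the collision and the `__gap` convention that avoids it, with a raw `sload` helper so the shift is observable.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example; not code from the 2022-08-rigor repository. Names are hypothetical.

// --- Version 1: base without a gap ---
contract BaseV1 {
    address public admin;              // slot 0
}

contract ChildV1 is BaseV1 {
    uint256 public totalDebt;          // slot 1 in the proxy's storage

    function rawSlot(uint256 s) external view returns (uint256 v) {
        assembly { v := sload(s) }
    }
}

// --- Version 2: the base grows by one full-width variable ---
// (a bool or small uint after `admin` would pack into slot 0; a uint256 cannot, so it takes slot 1)
contract BaseV2 {
    address public admin;              // slot 0
    uint256 public feeBps;             // slot 1  <-- the proxy already stores ChildV1.totalDebt here
}

contract ChildV2 is BaseV2 {
    uint256 public totalDebt;          // slot 2  <-- after the upgrade this reads an empty slot,
                                       //            while feeBps now reads the old totalDebt value
    function rawSlot(uint256 s) external view returns (uint256 v) {
        assembly { v := sload(s) }
    }
}

// --- Fix: reserve a gap in the base so new base variables consume gap slots ---
contract BaseV1Gapped {
    address public admin;              // slot 0
    uint256[49] private __gap;         // slots 1..49 reserved for future base variables
}

contract BaseV2Gapped {
    address public admin;              // slot 0
    uint256 public feeBps;             // slot 1, taken from the gap
    uint256[48] private __gap;         // slots 2..49; the gap shrinks by the slots consumed
}

contract ChildGapped is BaseV2Gapped {
    uint256 public totalDebt;          // slot 50 under both base versions, so an upgrade is layout-safe

    function rawSlot(uint256 s) external view returns (uint256 v) {
        assembly { v := sload(s) }
    }
}
```

The check to run before any upgrade is a layout diff between the old and new implementation (for example `forge inspect <Contract> storage-layout` on each); every pre-existing variable must keep its slot and offset, and the gap array must shrink by exactly the number of slots the new variables occupy.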
AxelarDepositService: When wrappedToken is not weth, sendNative may cause users to lose ether.
Lines of code Vulnerability details Impact In the sendNative function of the AxelarDepositService contract, the wrappedToken address is treated as weth-like and the wrappedToken's deposit function is called. If the wrappedToken address is TokenType.External token and is not weth-like and the...
7AI Score
Lines of code https://github.com/code-423n4/2022-07-axelar/blob/3729dd4aeff8dc2b8b9c3670a1c792c81fc60e7c/contracts/deposit-service/ReceiverImplementation.sol#L38...
6.8AI Score
Anyone can steal the ether or the ReceiverImplementation tokens
Lines of code https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L51...
6.7AI Score
Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom
Lines of code https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/gas-service/AxelarGasService.sol#L144...
6.8AI Score
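The finding above is about two classes of non-standard ERC-20 tokens: those that return `false` instead of reverting, and those that return no data at all (the USDT pattern), which makes a call through a `returns (bool)` interface revert during return-data decoding. The following is an added example, not code from the Axelar repository; the two mock tokens are constructed for the demonstration and `Payout` is hypothetical. `paySafe` implements the same check OpenZeppelin's `SafeERC20.safeTransfer` performs: require a contract at the address, a successful low-level call, and either empty return data or a decoded `true`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example; not code from the Axelar repository.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed mock: signals failure by returning false rather than reverting.
contract FalseReturningToken is IERC20 {
    function transfer(address, uint256) external pure returns (bool) {
        return false;
    }
}

// Constructed mock: returns nothing (USDT style). Calling it through IERC20 reverts while
// decoding the missing bool, so even a correct-looking `require(token.transfer(...))` fails.
contract NoReturnToken {
    function transfer(address, uint256) external pure {}
}

contract Payout {
    // Vulnerable: the bool is dropped, so FalseReturningToken "succeeds" without moving funds,
    // and NoReturnToken reverts on return-data decoding although the transfer itself went through.
    function payUnchecked(address token, address to, uint256 amount) external {
        IERC20(token).transfer(to, amount);
    }

    // Hardened: same semantics as SafeERC20.safeTransfer.
    function paySafe(address token, address to, uint256 amount) external {
        require(token.code.length > 0, "not a contract"); // a call to an EOA would "succeed" with empty data
        (bool ok, bytes memory ret) =
            token.call(abi.encodeWithSelector(IERC20.transfer.selector, to, amount));
        require(ok, "transfer call reverted");
        require(ret.length == 0 || abi.decode(ret, (bool)), "transfer returned false");
    }
}
```

With `FalseReturningToken`, `payUnchecked` completes and emits no error while `paySafe` reverts with "transfer returned false"; with `NoReturnToken`, `payUnchecked` reverts on decoding while `paySafe` accepts the empty return data.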
Functions that send Ether to arbitrary destinations
Lines of code https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L23...
6.9AI Score
Lines of code https://github.com/code-423n4/2022-08-mimo/blob/main/contracts/actions/MIMOEmptyVault.sol#L14 Vulnerability details Impact Both the MIMOEmptyVault and MIMOLeverage contracts share the same signature/definition; an attacker can gain control of the EmptyVault contract, issue a flash loan, and...
7.1AI Score
Upgraded Q -> M from 9 [1659036743700]
Judge has assessed an item in Issue #9 as Medium risk. The relevant finding follows: Centralized risk The operator address can mint arbitrary amount of tokens. In addition, operator can also burn tokens from third-party accounts. If the private key of the owner or minter address is compromised,...
6.9AI Score
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) found a private-sector offensive actor (PSOA) using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European.....
8.8CVSS
-0.2AI Score
EPSS
berlin-shuttle.de Cross Site Scripting vulnerability OBB-2792134
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1AI Score
berlin-karow-internet.de Cross Site Scripting vulnerability OBB-2792133
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1AI Score
berlin-buch-internet.de Cross Site Scripting vulnerability OBB-2792131
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1AI Score
berlin-housekeeping.de Cross Site Scripting vulnerability OBB-2792132
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1AI Score
berlin-alperen.de Cross Site Scripting vulnerability OBB-2792130
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1AI Score
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via...
6.1CVSS
6AI Score
0.002EPSS
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via...
6.1CVSS
0.002EPSS
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via...
6.2AI Score
0.002EPSS
strapi is vulnerable to arbitrary file upload. The vulnerability exists in the module.exports function in content-api.js due to improper validation of the upload files, allowing an attacker to upload a maliciously crafted file and remotely execute arbitrary code on the...
8.8CVSS
8.8AI Score
0.006EPSS
Strapi 4.1.12 Cross-site Scripting via crafted file
An unrestricted file upload vulnerability in the Add New Assets function of Strapi v4.1.12 allows attackers to execute arbitrary code via a crafted file. After an authenticated attacker uploads a file containing a malicious URL, a victim copies and pastes the malicious URL into a new tab to...
8.8CVSS
8.4AI Score
0.006EPSS
Strapi 4.1.12 Cross-site Scripting via crafted file
An unrestricted file upload vulnerability in the Add New Assets function of Strapi v4.1.12 allows attackers to execute arbitrary code via a crafted file. After an authenticated attacker uploads a file containing a malicious URL, a victim copies and pastes the malicious URL into a new tab to...
8.8CVSS
6.7AI Score
0.006EPSS
Vault implementation can be selfdestructed due to lack of initialization
Lines of code Vulnerability details Impact HIGH - Assets can be lost directly Anybody can initialize the Vault's implementation contract. The worst case would be to selfdestruct and make all the (already deployed and to be deployed) Vault's proxies useless and assets in the deployed proxies will...
6.9AI Score
Uninitialized implementation for Vault can be destroyed
Lines of code https://github.com/code-423n4/2022-07-fractional/blob/main/src/Vault.sol#L24-L29 Vulnerability details Impact Every Vault is a proxy of the same implementation contract. This implementation is deployed from VaultFactory but never initialized. /// @notice Initializes implementation...
6.8AI Score
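Both Fractional findings above describe the classic uninitialized-implementation bug: every proxy delegates to one implementation whose own storage is never initialized, so the first caller of `initialize` on the implementation address becomes its owner and can reach a `selfdestruct`, deleting the code every proxy depends on. The following is an added example, not the Vault source; `VaultImpl`, `Destroyer` and the owner-gated `execute` are hypothetical. The fix is to mark the implementation as initialized in its constructor (OpenZeppelin's `_disableInitializers()` does the same), which does not affect the proxies because each proxy has its own `initialized` slot. One caveat a practitioner should know: since the Cancun upgrade (EIP-6780) `selfdestruct` only deletes code when executed in the same transaction that created the contract, so the destruction step of this attack no longer works on post-Cancun chains, but the ownership takeover of the implementation still does.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example; not the Fractional Vault source. Names are hypothetical.
contract VaultImplVulnerable {
    address public owner;
    bool private initialized;

    // Anyone can call this on the implementation itself because its storage starts zeroed.
    function initialize(address _owner) external {
        require(!initialized, "already initialized");
        initialized = true;
        owner = _owner;
    }

    // Owner-gated delegatecall: on the implementation, a delegatecall into Destroyer
    // runs selfdestruct in the implementation's own context.
    function execute(address target, bytes calldata data) external returns (bytes memory) {
        require(msg.sender == owner, "not owner");
        (bool ok, bytes memory ret) = target.delegatecall(data);
        require(ok, "delegatecall failed");
        return ret;
    }
}

// Attacker-supplied target (constructed for the example).
contract Destroyer {
    function boom(address payable to) external {
        selfdestruct(to);
    }
}

// Hardened: the implementation locks itself at deployment; proxies still initialize normally.
contract VaultImplHardened {
    address public owner;
    bool private initialized;

    constructor() {
        initialized = true; // equivalent in effect to OpenZeppelin's _disableInitializers()
    }

    function initialize(address _owner) external {
        require(!initialized, "already initialized");
        require(_owner != address(0), "zero owner");
        initialized = true;
        owner = _owner;
    }

    function execute(address target, bytes calldata data) external returns (bytes memory) {
        require(msg.sender == owner, "not owner");
        (bool ok, bytes memory ret) = target.delegatecall(data);
        require(ok, "delegatecall failed");
        return ret;
    }
}
```

The attack sequence against `VaultImplVulnerable` is `initialize(attacker)` sent directly to the implementation address, followed by `execute(address(destroyer), abi.encodeCall(Destroyer.boom, (payable(attacker))))`; on a pre-Cancun chain every proxy's calls then revert because the delegatecall target has no code. Against `VaultImplHardened` the first step reverts with "already initialized".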
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create (upload)" permission is supposed to be able to upload PDF...
8.8CVSS
8.2AI Score
0.006EPSS
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create (upload)" permission is supposed to be able to upload PDF...
8.8CVSS
0.006EPSS
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create (upload)" permission is supposed to be able to upload PDF...
8.4AI Score
0.006EPSS
Bitter APT Hackers Continue to Target Bangladesh Military Entities
Military entities located in Bangladesh continue to be at the receiving end of sustained cyberattacks by an advanced persistent threat tracked as Bitter. "Through malicious document files and intermediate malware stages the threat actors conduct espionage by deploying Remote Access Trojans,"...
8.8CVSS
0.3AI Score
0.913EPSS
Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC-Q Series Q03UDECPU all versions, Mitsubishi Electric MELSEC-Q Series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU the first 5 digits of serial number 24051 and prior,...
7.5CVSS
7.6AI Score
0.003EPSS
Creating a short call order with a non-empty floor makes the option impossible to exercise and withdraw
Lines of code Vulnerability details Impact HIGH - assets can be lost If a short call order is created with a non-empty floorTokens array, the taker cannot exercise. Also, the maker cannot withdraw after the expiration. The maker will still get the premium when the order is filled. If the non-empty...
6.7AI Score
accountant and admin cannot be updated in Note.sol once accountant is initialized
Lines of code Vulnerability details Impact Once state variable accountant is set, accountant and admin will no longer be updated using _setAccountantAddress function. Proof of Concept function setAccountantAddress(address accountant ) external { require(msg.sender == admin); ...
6.9AI Score
A cap is needed on the amount of Note that can be borrowed
Lines of code https://github.com/Plex-Engineer/lending-market-v2/blob/ea5840de72eab58bec837bb51986ac73712fcfde/contracts/Note.sol#L14 Vulnerability details Impact The fact that there is no cap on the amount of Note that can be borrowed makes the Oracle Extractable Value unlimited. But as you...
6.5AI Score
berlin-storkower.quick.de Cross Site Scripting vulnerability OBB-2682577
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1AI Score
Upgraded Q -> H from 222 [1656255302682]
Judge has assessed an item in Issue #222 as High risk. The relevant finding follows: [L-02] totalAssets of erc4626 should never revert eip-4626 According to the spec, totalAssets of erc4626 should never revert MUST NOT revert. wfcash would revert if it's matured but hasn't settled....
6.9AI Score
Upgraded Q -> H from 104 [1656255316696]
Judge has assessed an item in Issue #104 as High risk. The relevant finding follows: L02: Incompatibility with ERC-4626 Line References https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/notional-wrapped-fcash/contracts/wfCashERC4626.sol#L42...
7AI Score
Sending batch withdrawal requests can possibly DoS
Lines of code Vulnerability details Impact The function BatchRequests.sendWithdrawalRequests allows calling the sendWithdrawalRequests function on all of the Yieldy contracts at once. However, due to the unbounded for loop, if many Yieldy contracts are added to contracts, this function can...
6.8AI Score
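The finding above is the unbounded-loop denial of service: a batch function that iterates over a growable array will eventually exceed the block gas limit, and a single reverting element blocks every other one. The following is an added example, not code from the Yieldy repository; `IYieldy`, the `contracts` array and the bounded `sendWithdrawalRequests(start, end)` signature are hypothetical. Beyond the bound, the hardened version isolates each external call with `try/catch` so one failing target cannot block the batch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example; not code from the Yieldy repository. Names are hypothetical.
interface IYieldy {
    function sendWithdrawalRequests() external;
}

// Vulnerable: iterates the whole array; gas grows with contracts.length and one revert stops all.
contract BatchRequestsVulnerable {
    address public owner;
    address[] public contracts;

    constructor() {
        owner = msg.sender;
    }

    function addContract(address c) external {
        require(msg.sender == owner, "not owner");
        contracts.push(c);
    }

    function sendWithdrawalRequests() external {
        for (uint256 i = 0; i < contracts.length; i++) {
            IYieldy(contracts[i]).sendWithdrawalRequests();
        }
    }
}

// Hardened: caller chooses a window [start, end), so gas per call is bounded by the window,
// and each target is isolated so a reverting Yieldy does not block the rest.
contract BatchRequestsBounded {
    address public owner;
    address[] public contracts;

    event WithdrawalRequestFailed(address indexed yieldy, bytes reason);

    constructor() {
        owner = msg.sender;
    }

    function addContract(address c) external {
        require(msg.sender == owner, "not owner");
        contracts.push(c);
    }

    function contractCount() external view returns (uint256) {
        return contracts.length;
    }

    function sendWithdrawalRequests(uint256 start, uint256 end) external {
        uint256 stop = end < contracts.length ? end : contracts.length;
        require(start < stop, "empty range");
        for (uint256 i = start; i < stop; ) {
            address yieldy = contracts[i];
            try IYieldy(yieldy).sendWithdrawalRequests() {
                // success: nothing to record
            } catch (bytes memory reason) {
                emit WithdrawalRequestFailed(yieldy, reason);
            }
            unchecked { ++i; }
        }
    }
}
```

An off-chain keeper pages through the array with `contractCount()` and successive `(start, end)` windows sized to stay well under the block gas limit; a window whose every target reverts still completes and leaves an event trail for investigation.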
berlin-hnopraxis.de Cross Site Scripting vulnerability OBB-2679268
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1AI Score
TWAV can be attacked by flash loan
Lines of code Vulnerability details Impact _updateTWAV can be manipulated with a flash loan. An attacker may pay the flash loan fee for 4 blocks and then execute the attack after that. Proof of Concept function _updateTWAV(uint256 _valuation, uint32 _blockTimestamp) internal { uint32 _timeElapsed; ...
7.1AI Score
In CNote.sol, anyone can initially become both accountant and admin
Lines of code Vulnerability details Impact Affected code: https://github.com/Plex-Engineer/lending-market/blob/ab31a612be354e252d72faead63d86b844172761/contracts/CNote.sol#L14 The function _setAccountantContract() is supposed to be called after contract initialization, so that the accountant is...
6.8AI Score
Lines of code Vulnerability details Impact The function does not have access control before the accountant address is set, allowing anyone to call the function, gain admin privileges, and set the accountant address. Proof of Concept CNote.sol#L17 Recommended Mitigation Steps Include access control....
7.1AI Score
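The Note.sol finding earlier on this page and the two CNote.sol findings above describe the two halves of one broken initialization pattern: the accountant setter has no access control until `accountant` is non-zero (so the first caller takes both roles), and once set, neither role can ever change. The following is an added example, not the Plex-Engineer source; `NoteVulnerable` is a hypothetical reconstruction of that pattern and `NoteHardened` is the conventional fix: the admin is fixed in the constructor, every setter is admin-only, and both roles stay updatable with zero-address checks and events.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example; not the Plex-Engineer lending-market source. Names are hypothetical.

// Hypothetical reconstruction of the pattern the findings describe.
contract NoteVulnerable {
    address public admin;
    address public accountant;

    function setAccountant(address accountant_) external {
        // No check at all while accountant is unset: the first caller wins the race.
        if (accountant != address(0)) {
            // After that, admin is the accountant contract, which never calls this,
            // so the roles are frozen for good.
            require(msg.sender == admin, "not admin");
        }
        accountant = accountant_;
        admin = accountant_;
    }
}

contract NoteHardened {
    address public admin;
    address public accountant;

    event AdminUpdated(address indexed previousAdmin, address indexed newAdmin);
    event AccountantUpdated(address indexed previousAccountant, address indexed newAccountant);

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    // The admin is fixed at deployment, so there is never an unguarded window.
    constructor(address admin_) {
        require(admin_ != address(0), "zero admin");
        admin = admin_;
        emit AdminUpdated(address(0), admin_);
    }

    function setAccountant(address accountant_) external onlyAdmin {
        require(accountant_ != address(0), "zero accountant");
        emit AccountantUpdated(accountant, accountant_);
        accountant = accountant_;
    }

    function setAdmin(address admin_) external onlyAdmin {
        require(admin_ != address(0), "zero admin");
        emit AdminUpdated(admin, admin_);
        admin = admin_;
    }
}
```

A deployment script for `NoteVulnerable` must call `setAccountant` in the same transaction as deployment or accept that a front-runner can claim both roles; `NoteHardened` removes the race entirely, and the separate `setAdmin` keeps the admin role transferable to a multisig later.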