Permits may be reused after token upgrade
Lines of code https://github.com/code-423n4/2023-07-axelar/blob/2f9b234bb8222d5fbe934beafede56bfb4522641/contracts/its/token-implementations/ERC20Permit.sol#L44-L48 Vulnerability details Impact The StandardizedToken contract inherits the ERC20Permit contract which in the case of an...
AI Score: 7.2
Using supportsERC165InterfaceUnchecked() might break LSP functionality for certain contracts
Lines of code Vulnerability details Bug Description Throughout the codebase, the protocol uses the supportsERC165InterfaceUnchecked() function from Openzeppelin's ERC165Checker.sol to check for the support of ERC-165 interface IDs. However, supportsERC165InterfaceUnchecked() only checks if the...
AI Score: 6.9
JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch...
CVSS: 5.4
EPSS: 0.0005
JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch...
CVSS: 5.4
AI Score: 6.3
EPSS: 0.0005
JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch...
CVSS: 6.3
AI Score: 5.3
EPSS: 0.0005
JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch...
CVSS: 5.4
AI Score: 5.3
EPSS: 0.0005
CVE-2023-37272 XSS vulnerability in JOC Cockpit branch 1.13
JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch...
CVSS: 6.3
AI Score: 6.3
EPSS: 0.0005
Gergana Karadzhova-Dangela is used to being with users during some of their toughest moments. Today, she spends much of her time responding to active cybersecurity incidents with Cisco Talos Incident Response, helping customers work through active attacks, many of which put personal data or...
AI Score: 6.9
Wherever possible, _safeMint() should be used rather than _mint()
Lines of code Vulnerability details Impact _mint() is discouraged in favour of _safeMint(), which guarantees that the recipient is either an EOA... Proof of Concept https://github.com/code-423n4/2023-07-basin/blob/main/mocks/tokens/MockTokenFeeOnTransfer.sol#L27,...
AI Score: 6.9
Memory corruption in getBytes32FromBytes() can likely lead to loss of funds
Lines of code Vulnerability details Description The LibBytes library is used to read and store uint128 types compactly for Well functions. The function getBytes32FromBytes() will fetch a specific index as bytes32. /** * @dev Read the ith 32-byte chunk from data. */ function...
AI Score: 6.6
Possible Front Running on the Permit function
Lines of code Vulnerability details Impact It could cause damage to third parties who use the permit method for transferring the tokens. Proof of Concept The Well contract extends ERC20Permit.sol, which contains a permit function that allows users to transfer assets with signatures. /** * @dev.....
AI Score: 6.7
At GitHub Security Lab, our main mission is helping secure the open source software we all rely on. While securing applications themselves is important, one of the best ways developers and system administrators can ensure the security of their systems is to create multiple layers of privilege....
AI Score: 6.8
Flashloan/onFlashLoan() does not comply with EIP-3156
Lines of code https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/token/PeUSDMainnetStableVision.sol#L129-L139...
AI Score: 6.9
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary...
CVSS: 6.7
AI Score: 6.7
EPSS: 0.0004
Mitsubishi Electric MELSEC iQ-F Series (Update A)
EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric --------- Begin Update A Part 1 of 4 --------- Equipment: MELSEC iQ-F, iQ-R, Q, and L series Vulnerability: Plaintext Storage of...
CVSS: 7.5
AI Score: 7.2
EPSS: 0.003
endodontie-berlin-mitte.de Cross Site Scripting vulnerability OBB-3405983
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score: 6.1
Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged...
CVSS: 7.1
AI Score: 6.8
EPSS: 0.0004
Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged...
CVSS: 7.1
AI Score: 6.7
EPSS: 0.0004
Lines of code https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/Auction.sol#L38 https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/Auction.sol#L48-L50...
AI Score: 6.8
Lines of code https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/Auction.sol#L22 Vulnerability details Impact Detailed description of the impact of this finding. In solidity, block.timestamp makes use of seconds in calculating time but in the...
AI Score: 7.1
Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged...
AI Score: 6.9
EPSS: 0.0004
pause/unpause functionalities not implemented in many pausable contracts
Lines of code https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L14 https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L17 https://github.com/code-423n4/2023-06-stader/blob/main/contracts/OperatorRewardsCollector.sol#L16 Vulnerability...
AI Score: 6.8
Lines of code Vulnerability details Impact If the recipient address is not properly validated, an attacker could supply a malicious address as the recipient. This could result in the accumulated fees being sent to an unintended or unauthorized party. It could lead to financial loss or disruption...
AI Score: 7
Lines of code https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L26 https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L70-L73 https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L22 [Vulnerability details...
AI Score: 6.8
berlin-alperen.de Cross Site Scripting vulnerability OBB-3404107
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score: 6.1
berlin-hotels.org Cross Site Scripting vulnerability OBB-3384305
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score: 6.1
berlin-housekeeping.de Cross Site Scripting vulnerability OBB-3381334
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score: 6.1
Note The official templates of Lima, and the well-known third party products (Colima, Rancher Desktop, and Finch) are unlikely to be affected by this issue. Impact A virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is...
CVSS: 2.7
AI Score: 6.6
EPSS: 0.001
moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization in the Header and Footer parameter in settings.php which allows an attacker to inject and execute arbitrary JavaScript into the...
AI Score: 6.5
EPSS: 0.001
EntropyReducer - Reduce Entropy And Obfuscate Your Payload With Serialized Linked Lists
EntropyReducer: Reduce The Entropy Of Your Payload And Obfuscate It With Serialized Linked Lists How Does It Work The EntropyReducer algorithm is determined by the BUFF_SIZE and NULL_BYTES values. The following is how EntropyReducer would organize your payload if BUFF_SIZE was set to 4, and NULL_BYTES to....
AI Score: 7.2
kiwitcms vulnerable to stored XSS via unrestricted files upload
Impact Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded, see GHSA-fwcf-753v-fgcj and Content-Security-Policy definition to prevent...
CVSS: 8.1
AI Score: 7.1
EPSS: 0.001
Introducing: ‘Saved Filters’ in InsightCloudSec
Last year, when we launched Layered Context in InsightCloudSec, we knew we had something great on our hands. Not just because we provided a single view for cloud security practitioners to see their full cloud risk posture (though, if we do say so ourselves, that’s pretty sweet). No, we knew we had....
AI Score: 6.7
Lines of code https://github.com/code-423n4/2023-05-venus/blob/main/contracts/WhitePaperInterestRateModel.sol#L17 Vulnerability details Vulnerability Details Blocks per year calculations in WhitePaperInterestRateModel improperly assume 15 seconds block time, while on Binance Smart Chain it’s ~3...
AI Score: 6.8
Wrong blocksPerYear calculation in WhitePaperInterestRateModel.sol
Lines of code Vulnerability details Impact In WhitePaperInterestRateModel.sol, File: contracts/WhitePaperInterestRateModel.sol 17 uint256 public constant blocksPerYear = 2102400; The calculation of blocksPerYear is wrong; blocksPerYear is the approximate number of blocks per year that is...
AI Score: 6.8
Wrong blocksPerYear in WhitePaperInterestRateModel
Lines of code https://github.com/code-423n4/2023-05-venus/blob/main/contracts/BaseJumpRateModelV2.sol#L23 Vulnerability details Impact Venus is deployed on BNB Chain instead of Ethereum. Their block times are different. And WhitePaperInterestRateModel.sol is modified from compound. Therefore,...
AI Score: 6.8
Extraordinary proposal can become stuck
Lines of code Vulnerability details Since standard and extraordinary proposals use the same treasury funds accounting variables and the extraordinary voting period is long enough (1 month), it is possible that an extraordinary proposal that was valid and gained enough votes will end up frozen: it might...
AI Score: 6.7
m.static Directory Traversal vulnerability
All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile...
CVSS: 7.5
AI Score: 5.5
EPSS: 0.001
Upgraded Q -> 2 from #298 [1683710120837]
Judge has assessed an item in Issue #298 as 2 risk. The relevant finding follows: [L-03] Redundant and dangerous len parameter in readKeyValue Links Impact If the len is not set to input.length minus the offset, there may be unpredictable results due to how the algorithm works. Proof of Concept Let's....
AI Score: 6.8
Upgraded Q -> 2 from #49 [1683711080406]
Judge has assessed an item in Issue #49 as 2 risk. The relevant finding follows: QA10. readKeyValue() fails to enforce the constraint offset+len<=input.length. As a result, the key-value pair might be read from dirty memory area that is beyond the memory range of input and thus could be wrong......
AI Score: 6.7
StrategyBase.sharesToUnderlying() cannot be overridden to intended mutability
Lines of code Vulnerability details Impact An implementation of sharesToUnderlying(), as inherited from StrategyBase.sol, cannot (contrary to intentions) make state modifications. This implies that StrategyBase.sol may become useless as a base contract to inherit from. Proof of Concept...
AI Score: 6.8
StrategyBase.underlyingToShares() cannot be overridden to intended mutability
Lines of code Vulnerability details Impact An implementation of underlyingToShares(), as inherited from StrategyBase.sol, cannot (contrary to intentions) make state modifications. This implies that StrategyBase.sol may become useless as a base contract to inherit from. Proof of Concept...
AI Score: 6.8
berlin-laeuft.de Cross Site Scripting vulnerability OBB-3288463
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score: 6
berlin-international-school.de Cross Site Scripting vulnerability OBB-3288460
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score: 6
Lines of code https://github.com/code-423n4/2023-04-ens/blob/main/contracts/root/Root.sol#L22-L28 https://github.com/code-423n4/2023-04-ens/blob/main/contracts/root/Root.sol#L34-L37 Vulnerability details Proof of Concept When claiming a domain in DNSRegistrar.sol (either through proveAndClaim() or....
AI Score: 6.8