Missing important check in getOwnerAddress() function in DNSClaimChecker.sol
Lines of code Vulnerability details Impact The getOwnerAddress() function used in DNSClaimChecker.sol is missing an important check on the type and class of the records. This getOwnerAddress() function is also used in the DNSRegistrar.sol _claim function to claim a name using the given proofs. Since there are...
6.9AI Score
BytesUtils.keccak does not revert when offset is out of bounds
Lines of code Vulnerability details Impact The BytesUtils.keccak function accepts an out-of-bounds offset value and returns a valid response without reverting. function keccak( bytes memory self, uint256 offset, uint256 len ) internal pure returns (bytes32 ret)...
6.8AI Score
SHA1Digest Contract Vulnerability
Lines of code Vulnerability details Impact The vulnerability is related to the use of the SHA1 hashing algorithm in the SHA1Digest contract. SHA1 is an outdated cryptographic hash function that has been deprecated by most security experts due to its weaknesses and susceptibility to collision...
6.9AI Score
github.com/iofinnet/thresh, github.com/thorchain/thorchain-tss and github.com/bnb-chain/tss-lib are vulnerable to Timing Attacks. The vulnerability exists due to a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic which allows an...
9.1CVSS
8.7AI Score
0.001EPSS
Lines of code https://github.com/code-423n4/2023-04-ens/blob/main/contracts/dnssec-oracle/algorithms/ModexpPrecompile.sol#L7 Vulnerability details Impact This vulnerability can cause unexpected behavior or even a denial-of-service attack on a contract that uses the RSAVerify library on...
7AI Score
Description URL parsing with Qwik uses the new URL(a, b) constructor. A little-known fact about this constructor is that if an attacker controls a they have complete control of the finally resolved URL. For example: const url = new URL(attacker_value, "http://localhost") By entering //test.com,...
6.5CVSS
6.5AI Score
0.001EPSS
Lines of code Vulnerability details Impact // From https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/access/Ownable.sol The current implementation is using a non-upgradeable version of the Ownable library instead of the upgradeable version:...
6.8AI Score
Lines of code Vulnerability details Impact Ethereum contracts often assume that a signature is unique, but signatures can be altered without possession of the private key and still be valid. The EVM specification defines several so-called 'precompiled' contracts, one of them being ecrecover...
6.7AI Score
VetoProposal#voteToVeto can be called repeatedly by same voter and be used to lock party
Lines of code Vulnerability details Impact The party can be locked because it is no longer able to pass any proposals. Proof of Concept VetoProposal.sol#L37-L59 uint96 votingPower = party.getVotingPowerAt( msg.sender, proposalValues.proposedTime - 1, snapIndex ); uint96...
6.7AI Score
Voters can call VetoProposal.voteToVeto() as many times as they like.
Lines of code Vulnerability details Impact Each voter can veto a proposal on their own by calling voteToVeto() several times until the passThresholdBps is reached. Proof of Concept A voter should not be able to vote several times, otherwise the voting system is broken. But voteToVeto() doesn't check the...
6.8AI Score
The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiple_roles_update function. This makes it possible for authenticated attackers, with minimal permissions such as a...
8.8CVSS
7.7AI Score
0.003EPSS
The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiple_roles_update function. This makes it possible for authenticated attackers, with minimal permissions such as a...
8.8CVSS
8.4AI Score
0.003EPSS
The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiple_roles_update function. This makes it possible for authenticated attackers, with minimal permissions such as a...
7.5CVSS
8.8AI Score
0.003EPSS
berlin-swinging-bears.de Cross Site Scripting vulnerability OBB-3258568
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
5.9AI Score
aegyptisches-museum-berlin-verein.de Cross Site Scripting vulnerability OBB-3258277
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
5.9AI Score
endodontie-berlin-mitte.de Cross Site Scripting vulnerability OBB-3256793
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
5.9AI Score
berlin-shuttle.de Cross Site Scripting vulnerability OBB-3255992
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
5.8AI Score
berlin-housekeeping.de Cross Site Scripting vulnerability OBB-3255990
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
5.8AI Score
berlin-en-ligne.de Cross Site Scripting vulnerability OBB-3253612
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
5.9AI Score
Lines of code Vulnerability details Impact The CollectionBatchBuyOperator contract allows parties to buy NFTs through proposals. The proposal specifies an nftContract and token IDs (via the nftTokenIdsMerkleRoot parameter) that can be bought. Allowed executors can then execute the actual purchase...
7.2AI Score
OperatorProposal.sol: Leftover ETH is not refunded to the msg.sender
Lines of code Vulnerability details Impact The OperatorProposal contract is a type of proposal that allows executing operations on contracts that implement the IOperator interface. Upon execution of the proposal it might be necessary for the executor to provide ETH. This is true especially when...
7.1AI Score
Lines of code Vulnerability details Impact The VetoProposal contract allows vetoing proposals with the voteToVeto function. The proposal can only be vetoed when it is in the Voting state; otherwise the voteToVeto function reverts. The issue is that the Voting state is not the only state in which...
6.7AI Score
Lines of code Vulnerability details Impact The VetoProposal contract allows vetoing proposals with the voteToVeto function. When the amount of votes collected to veto a proposal exceeds a certain threshold (the passThresholdBps, which is determined upon initialization of the party), the proposal...
7AI Score
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection...
6.5CVSS
7.5AI Score
0.003EPSS
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection...
7.7CVSS
6.3AI Score
0.003EPSS
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection...
7.7CVSS
7.2AI Score
0.003EPSS
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection...
7.7CVSS
7.6AI Score
0.003EPSS
berlin-tourismus.de Cross Site Scripting vulnerability OBB-3244619
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
5.9AI Score
berlin-visavis.de Cross Site Scripting vulnerability OBB-3242504
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
5.9AI Score
7.4AI Score
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions 32 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions 65 and prior, Mitsubishi Electric Corporation MELSEC...
7.6AI Score
0.002EPSS
Lines of code https://github.com/code-423n4/2023-03-polynomial/blob/main/src/KangarooVault.sol#L183 https://github.com/code-423n4/2023-03-polynomial/blob/main/src/KangarooVault.sol#L243 https://github.com/code-423n4/2023-03-polynomial/blob/main/src/KangarooVault.sol#L215...
6.9AI Score
Profile Picture: Address Registry should maintain storage between consecutive deploys
Lines of code https://github.com/code-423n4/2023-03-canto-identity/blob/main/canto-pfp-protocol/src/ProfilePicture.sol#L101 https://github.com/code-423n4/2023-03-canto-identity/blob/main/canto-identity-protocol/src/CidNFT.sol#L432 Vulnerability details [H-01] Profile Picture: Address Registry...
6.8AI Score
Lines of code Vulnerability details Impact First, I need to clarify that there may be more serious ways to exploit this issue. Due to the lack of time and documents, I cannot complete a further exploit. The current exploit has only achieved the impact in the title. I will expand the possibility of...
7AI Score
EVM Elliptic Curve Recovery Discrepancy
Lines of code Vulnerability details Impact The Ecrecover.yul file meant to simulate the ecrecover mechanism as executed by traditional ETH 1.0 consensus mechanisms is incorrect. In detail, it does not conform to the "Homestead" update which introduced an upper-bound check for s values of an (r, s, ...
6.8AI Score
Lines of code https://github.com/code-423n4/2023-03-zksync//blob/main/contracts/openzeppelin/token/ERC20/utils/SafeERC20.sol#L22 Vulnerability details Impact The safeTransfer function of the SafeERC20.sol contract checks that the target is actually a contract before calling it; this is to avoid...
6.9AI Score
Users pay excessive gas cost for sending bytecode hashes to L1
Lines of code Vulnerability details Impact When deploying new contracts, users are forced to pay more gas than is required to publish the bytecode hash to the L1. Proof of Concept When users deploy new smart contracts, the protocol marks the hashes of the bytecodes of the contracts as known and...
6.9AI Score
DefaultAccount will add system call flag to any call with msg.value
Lines of code https://github.com/code-423n4/2023-03-zksync/blob/main/contracts/libraries/EfficientCall.sol#L134-L145 https://github.com/code-423n4/2023-03-zksync/blob/main/contracts/MsgValueSimulator.sol#L22-L29...
6.8AI Score
Threat Source newsletter (March 9, 2023) — Stop freaking out about ChatGPT
Welcome to this week's edition of the Threat Source newsletter. There is no shortage of hyperbolic headlines about ChatGPT out there, everything from how it and other AI tools like it are here to replace all our jobs, make college essays a thing of the past and change the face of cybersecurity as...
7.8CVSS
7.8AI Score
0.969EPSS
If the random number is too low, the lottery is not completely random
https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/TicketUtils.sol#L43-L76 Summary Random numbers below a certain limit will always return at least one rightmost bit, while numbers above this limit will return random bits. Explanation: The winning...
6.7AI Score
The Lottery Contract's Lack of Safeguards May Lead to Insufficient Funds for Jackpot Payouts
Lines of code Vulnerability details While it may be true that the probability of this scenario happening is low, that does not mean the issue should not be considered valid. A low probability does not mean that the vulnerability should be ignored, especially if it can lead to a loss...
6.7AI Score
elektriker-berlin-charlottenburg.de Cross Site Scripting vulnerability OBB-3210784
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Contract not initialized after deployment
Lines of code https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Vault/contracts/ReaperStrategyGranarySupplyOnly.sol#L62...
6.9AI Score
ReaperBaseStrategyv4 is not Initializable
Lines of code https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Vault/contracts/ReaperStrategyGranarySupplyOnly.sol#L62...
6.9AI Score
Centralization Risk for trusted owners
Lines of code https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Core/contracts/BorrowerOperations.sol#L18 https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Core/contracts/LQTY/CommunityIssuance.sol#L14...
6.9AI Score
jtrussell/semver-tags is vulnerable to Command Injection The vulnerability exists due to improper user-input sanitization in the getGitTagsRemote function, which allows an attacker to execute arbitrary...
7.8CVSS
5.2AI Score
0.0004EPSS
Erxes vulnerable to Cross-site Scripting
Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in all versions. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious website. There are no known...
9.6CVSS
9AI Score
0.053EPSS
Erxes vulnerable to Cross-site Scripting
Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in all versions. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious website. There are no known...
9.6CVSS
8.4AI Score
0.053EPSS
KUMAFeeCollector.changePayees() executes incorrectly when newPayees contains duplicate items
Lines of code Vulnerability details Impact When calling KUMAFeeCollector.changePayees() with duplicate payees in newPayees, the call is not reverted and the result state will be incorrect. Proof of Concept Contract KUMAFeeCollector does not support duplicate payees. The transaction will revert...
6.8AI Score
Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious website. There are no known...
9.6CVSS
8.8AI Score
0.053EPSS