Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious website. There are no known...
9.6CVSS
9AI Score
0.053EPSS
Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious website. There are no known...
9.6CVSS
6.8AI Score
0.053EPSS
CVE-2021-32853 Erxes vulnerable to Cross-site Scripting
Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious website. There are no known...
6.1CVSS
9.2AI Score
0.053EPSS
Mitsubishi Electric MELSEC and MELIPC Series Uncontrolled Resource Consumption (CVE-2021-20609)
Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions 24 and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions 57 and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU Firmware...
7.6AI Score
0.002EPSS
Mitsubishi Electric MELSEC and MELIPC Series Improper Input Validation (CVE-2021-20611)
Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions 24 and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions 57 and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions.....
7.6AI Score
0.002EPSS
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions 24 and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions 57 and prior, Mitsubishi Electric MELSEC iQ-R Series...
7.6AI Score
0.002EPSS
semver-tags is vulnerable to Command Injection via the getGitTagsRemote function
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input...
7.8CVSS
6AI Score
0.0004EPSS
is-http2 is vulnerable to Command Injection. The vulnerability exists in the Promise function of index.js due to missing input sanitization which allows an attacker to inject and execute arbitrary commands into the...
7.8CVSS
7.8AI Score
0.0004EPSS
Lines of code https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/AddressDriver.sol#L19 https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/NFTDriver.sol#L19...
6.9AI Score
AddressRegistry might have non-actual record
Lines of code https://github.com/code-423n4/2023-01-canto-identity/blob/main/src/AddressRegistry.sol#L21 https://github.com/code-423n4/2023-01-canto-identity/blob/main/src/AddressRegistry.sol#L40-L49 https://github.com/code-423n4/2023-01-canto-identity/blob/main/src/AddressRegistry.sol#L59-L64...
6.8AI Score
is-http2 vulnerable to Improper Input Validation
All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2...
7.8CVSS
5.3AI Score
0.0004EPSS
No support non-18 decimals token
Lines of code https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/JumpRate.sol#L21 https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/JumpRate.sol#L37...
6.8AI Score
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM...
4.4CVSS
4.4AI Score
0.0004EPSS
Unchecked return price > 0 oracle
Lines of code Vulnerability details Impact In the function price, there is no check that the return price that chainlink sends is >0. (uint80 roundId, int256 p, , uint256 updateTime, uint80 answeredInRound) = chainlinkFeed.latestRoundData(); if (updateTime == 0 || answeredInRound <...
6.7AI Score
Lines of code Vulnerability details Impact Instead of using @openzeppelin/contracts, use the upgradeable library for contracts that should be able to be upgraded. This is the library that should be used: @openzeppelin/contracts-upgradeable Proof of Concept For more info have a look at this resource....
6.8AI Score
berlin-schockt.de Cross Site Scripting vulnerability OBB-3156397
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1AI Score
Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar
Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive (JAR) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. "Attackers now use the polyglot technique to confuse...
AI Score
Exploit for Prototype Pollution in Json5
Quasar App (quasar-app-webpack-json5-vulnerability) A Quasar...
0.8AI Score
Unbreakable Enterprise kernel security update
[5.4.17-2136.315.5] - Revert 'xfs: Lower CIL flush limit for large logs' (Sherry Yang) [Orabug: 34917369] - Revert 'xfs: Throttle commits on delayed background CIL push' (Sherry Yang) [Orabug: 34917369] - Revert 'xfs: fix use-after-free on CIL context on shutdown' (Sherry Yang) [Orabug:...
7.8CVSS
-0.5AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.315.5] - Revert 'xfs: fix use-after-free on CIL context on shutdown' (Sherry Yang) [Orabug: 34917369] [5.4.17-2136.315.4] - net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888473] - uek-rpm: Add ptp_kvm.ko to nano rpm (Somasundaram Krishnasamy) [Orabug:...
7.8CVSS
-0.6AI Score
0.001EPSS
Destruction of the SmartAccount implementation
Lines of code https://github.com/code-423n4/2023-01-biconomy/blob/53c8c3823175aeb26dee5529eeefa81240a406ba/scw-contracts/contracts/smart-contract-wallet/SmartAccount.sol#L192...
6.7AI Score
A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). To exploit the vulnerability, the interna...
9.8CVSS
9.5AI Score
0.003EPSS
A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). To exploit the vulnerability, the interna...
9.8CVSS
0.003EPSS
A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). To exploit the vulnerability, the interna...
9.8CVSS
9.6AI Score
0.003EPSS
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation...
7.5CVSS
0.002EPSS
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation...
7.5CVSS
7.5AI Score
0.002EPSS
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation...
7.5CVSS
7.7AI Score
0.002EPSS
A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). To exploit the vulnerability, the interna...
9.7AI Score
0.003EPSS
Only one GroupBuy can ever use USDT or similar tokens with front-running approval protections
Lines of code Vulnerability details Calling approve() without first calling approve(0) if the current approval is non-zero will revert with some tokens, such as Tether (USDT). While Tether is known to do this, it applies to other tokens as well, which are trying to protect against this attack...
6.7AI Score
Miners Can Re-Roll the VRF Output to Game the Protocol
Lines of code Vulnerability details Impact Miners are able to rewrite a chain's history if they dislike the VRF output used by the protocol. Consider the following example: A miner or well-funded user is participating in the PoolTogether protocol. A VRF request is made and fulfilled in the same...
6.8AI Score
Lines of code Vulnerability details Impact Without proper input validation, it is possible for attackers to pass malicious input to the contract, potentially causing unintended behavior or even allowing the attacker to exploit the contract. Proof of Concept an attacker could pass a negative value.....
6.7AI Score
depositAndTrade::exactInputSingleParams the possible return values not checked
Lines of code Vulnerability details Impact The return values from _collateral.deposit() and _collateral.transferFrom() are not used. This means that the values returned by those functions will not be stored or used in the code. The _swapRouter.exactInputSingle() function also likely returns no....
6.6AI Score
Unbreakable Enterprise kernel security update
[5.15.0-5.76.5.1] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883037] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883037] {CVE-2022-4378} [5.15.0-5.76.5] - KVM: x86: Use SRCU to protect...
7.8CVSS
0.3AI Score
0.0004EPSS
Missing modifiers in the functions of several parent contracts
Lines of code https://github.com/prepo-io/prepo-monorepo/blob/feat/2022-12-prepo/packages/prepo-shared-contracts/contracts/AllowedMsgSenders.sol#L15-L18 https://github.com/prepo-io/prepo-monorepo/blob/feat/2022-12-prepo/packages/prepo-shared-contracts/contracts/TokenSenderCaller.sol#L11-L14...
6.8AI Score
A finding that cannot be disclosed at the moment
Lines of code Vulnerability details This finding couldn't be disclosed at the time when the contest was running. After consulting with CloudEllie, it was decided to create a stub report so the finding could be submitted after the contest is over. A checksum of the report:...
6.8AI Score
Changes not being stored in Delta.sol
Lines of code Vulnerability details Changes not being stored in Delta.sol Impact Functions working without proper storage dealing into unexpected behaviors Proof of Concept function combine(Instance memory self, Instance memory delta) internal pure { if (!self.skipCombine)...
6.8AI Score
Lines of code https://github.com/prepo-io/prepo-monorepo/blob/feat/2022-12-prepo/apps/smart-contracts/core/contracts/Collateral.sol#L45-L61 https://github.com/prepo-io/prepo-monorepo/blob/feat/2022-12-prepo/apps/smart-contracts/core/contracts/Collateral.sol#L80-L83...
7.3AI Score
[NAZ-M2] Usage of send() Can Result In Revert
Lines of code https://github.com/prepo-io/prepo-monorepo/blob/feat/2022-12-prepo/apps/smart-contracts/core/contracts/RedeemHook.sol#L22 https://github.com/prepo-io/prepo-monorepo/blob/feat/2022-12-prepo/apps/smart-contracts/core/contracts/WithdrawHook.sol#L77 Vulnerability details Impact Several...
6.7AI Score
Unbreakable Enterprise kernel-container security update
[5.15.0-5.76.5.1] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883037] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883037] {CVE-2022-4378} [5.15.0-5.76.5] - KVM: x86: Use SRCU to protect...
7.8CVSS
0.3AI Score
0.0004EPSS
Lines of code https://github.com/code-423n4/2022-12-escher/blob/5d8be6aa0e8634fdb2f328b99076b0d05fefab73/src/minters/FixedPrice.sol#L14-L24 https://github.com/code-423n4/2022-12-escher/blob/5d8be6aa0e8634fdb2f328b99076b0d05fefab73/src/minters/LPDA.sol#L92-L96...
6.8AI Score
Upgraded Q -> H from #439 [1670433195074]
Judge has assessed an item in Issue #439 as H risk. The relevant finding follows: L02 - _close() should not be able to close a specific id credit line As per the docs: Can a Borrower chose to repay any debt in any order? No. The app automatically selects which credit line can be repaid using a...
6.7AI Score
Upgraded Q -> M from #76 [1670347574630]
Judge has assessed an item in Issue #76 as M risk. The relevant finding follows: L02] address.call{value:x}() should be used instead of payable.transfer() Impact The use of payable.transfer() is heavily frowned upon because it can lead to the locking of funds. The transfer() call requires that the....
6.8AI Score
Upgraded Q -> M from #400 [1670236164031]
Judge has assessed an item in Issue #400 as M risk. The relevant finding follows: L04 - LiquidStakingManager.dao can rug node operators with executeAsSmartWallet() daoCommissionPercentage is used to calculate the portion of node operator network rewards that are sent to dao, when a node runner is.....
6.8AI Score
CrossChainExecutorPolygon does not implement the executeCalls function
Lines of code https://github.com/pooltogether/ERC5164/blob/5647bd84f2a6d1a37f41394874d567e45a97bf48/src/interfaces/ICrossChainExecutor.sol#L29 Vulnerability details Impact The CrossChainExecutor contracts in the codebase are meant to follow the CrossChainExecutor interface as defined in EIP-5164......
6.8AI Score
kubeview is vulnerable to access restriction bypass. The vulnerability exists in default function of api.js, because api/scrape/kube-system does not require authentication which allows an attacker to bypass the restrictions and retrieve certificate files that can be used to authenticate as...
9.8CVSS
9.1AI Score
0.013EPSS
Possible double spending issue for PirexERC4626 vault
Lines of code Vulnerability details Impact Solmate's ERC20 does not provide option to increase/decrease allowance, and only option to do so is by setting it via approve - which sets this amount directly. This poses a problem of double spending, when a user want to check current allowance, and bad.....
6.8AI Score
Black Friday shoppers beware: online threats so far in 2022
The shopping event of the year, Black Friday, is almost here, and while the big day does not officially arrive until Friday, November 25th, deals are already starting. The day kickstarts the frenzied holiday shopping season with eye-catching promotional deals that lure shoppers into spending more.....
-0.4AI Score