@strapi/admin and @strapi/plugin-users-permissions vulnerable to Improper Rate Limiting. The vulnerability is due to bypassable rate limiting logic in the admin and user authentication endpoints which could theoretically allow an attacker to brute force valid username and password...
CVSS 9.8 | AI Score 7.1 | EPSS 0.001
Strapi Improper Rate Limiting vulnerability
Summary There is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. 2. Details It is possible to avoid this by modifying the rate-limited request path as follows. 1. Manipulating request paths to upper or lower case. (Pattern 1) - In this case,...
CVSS 9.8 | AI Score 7 | EPSS 0.001
Strapi Improper Rate Limiting vulnerability
Summary There is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. 2. Details It is possible to avoid this by modifying the rate-limited request path as follows. 1. Manipulating request paths to upper or lower case. (Pattern 1) - In this case,...
CVSS 9.8 | AI Score 6.6 | EPSS 0.001
All the funds will be lost if the destination bridge is paused
Lines of code https://github.com/code-423n4/2023-09-ondo/blob/47d34d6d4a5303af5f46e907ac2292e6a7745f6c/contracts/bridge/DestinationBridge.sol#L31 Vulnerability details Impact Destination bridge is pausable, so if for a chain a destination bridge is paused, all the funds being bridged from...
AI Score 6.8
prague-ticket-concert.com Cross Site Scripting vulnerability OBB-3652377
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1
getPastCirculatingSupply() returns the ARB token supply instead of circulating votes supply
Lines of code Vulnerability details Bug Description In ArbitrumGovernorVotesQuorumFractionUpgradeable, the getPastCirculatingSupply() function is used when calculating quorum for proposals: ArbitrumGovernorVotesQuorumFractionUpgradeable.sol#L31-L35 /// @notice Get "circulating" votes supply;...
AI Score 6.8
Lines of code https://github.com/ArbitrumFoundation/governance/blob/c18de53820c505fc459f766c1b224810eaeaabc5/src/security-council-mgmt/SecurityCouncilManager.sol#L420-L443 Vulnerability details Impact SecurityCouncilMemberSyncAction.perform is a crucial function that will be triggered by upgrade...
AI Score 6.8
Anyone can call the perform function because there is no access control
Lines of code #L31-#L75 Vulnerability details Impact Anyone can call the perform function. It can lead to unauthorized changes in the security council. Proof of Concept There is no access control in the perform function and it is marked "external". function perform(address _securityCouncil,...
AI Score 6.9
Lines of code Vulnerability details Impact The _securityCouncil update will be prevented by continuously calling the perform function. Since the function relies on the nonce value, this function can be continuously called and the nonce value is updated. This would prevent the valid security council...
AI Score 7.2
Anyone can change the members of Security Council
Lines of code Vulnerability details Impact Anyone can change the members of security council by calling the function perform in the contract SecurityCouncilMemberSyncAction.sol as the function is open to all. Proof of Concept uint256 updateNonce = getUpdateNonce(_securityCouncil); if...
AI Score 6.8
Anyone can become owner of GnosisSafe(securityCouncil) contracts
Lines of code Vulnerability details Impact Member roles in SecurityCouncilManager contract can change owners of GnosisSafe(securityCouncil) contracts by scheduling a perform call to ArbitrumTimelock contract. However the contract that handles updating owners (security council members) with perform....
AI Score 6.7
Risk of Incorrect Collateral Pricing in Case of Aggregator Reaching minAnswer
Lines of code Vulnerability details Impact Chainlink aggregators have a built-in circuit breaker to prevent the price of an asset from deviating outside a predefined price range. This circuit breaker may cause the oracle to persistently return the minPrice instead of the actual asset price in the.....
AI Score 6.9
Lines of code Vulnerability details Impact The _lastFollowTokenId of FollowNFT contract has a storage collision. V2.0 storage layout: | _lastFollowTokenId | uint128 | 17 | 0 | 16 | contracts/FollowNFT.sol:FollowNFT | |...
AI Score 7
Reentrancy Vulnerability in MErc20Delegate.sol
Lines of code Vulnerability details Impact The fallback function delegates calls to the implementation contract using delegatecall. This allows the implementation contract to call back into MErc20Delegate before the original delegatecall completes. An attacker could exploit this vulnerability to...
AI Score 6.9
Collateralization ratio manipulation can cause a denial of service
Lines of code Vulnerability details Impact Stablecoin redeeming and profit accruing in the SavingsVest contract can be blocked when the collateralization ratio has overflown. Proof of Concept The mitigation recommended in #31 and implemented by the sponsor in this commit doesn't resolve the root...
AI Score 7
Users with DEPLOY permission can grief each other through CREATE2
Lines of code Vulnerability details Bug Description In ERC725XCore.sol, the _deployCreate2() function uses Openzeppelin's Create2.deploy() to deploy new contracts: ERC725XCore.sol#L253-L267 function _deployCreate2( uint256 value, bytes memory creationCode ) internal virtual...
AI Score 6.7
Lines of code Vulnerability details Impact In VirtualAccount.sol.withdrawERC20(), Transaction revert if the Token does not support 0 value transfer when transferring tokens to recipient address. File: src/ulysses-omnichain/VirtualAccount.sol 31 function withdrawERC20(address _token, uint256...
AI Score 6.9
Nothing but .NET? Smashery continues to… smash it by updating our .NET assembly execution module. The original module allowed users to run a .NET exe as a thread within a process they created on a remote host. Smashery’s improvements let users run the executable within a thread of the process...
CVSS 8.8 | AI Score 7.8 | EPSS 0.97
prague-guide.fr Cross Site Scripting vulnerability OBB-3476584
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1
Default coin spend limit was set wrong for ETH
Lines of code https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/types/params.go#L31-L35 Vulnerability details Impact It is stated in the README that some spend limits are configured for the swaps. This is a security precaution to avoid spending too many tokens for the default 4....
AI Score 6.9
Lines of code Vulnerability details Impact It was written that there is a limit of 10 USDC / 10 USDT / 0.01 ETH, which currently equals almost 10 USDT / 10 USDC / 18 USDT. These limits are for 4 Canto. Which means the code accepts the Canto price at max: 2.5 USDC or equivalent. It is also written in the.....
AI Score 6.9
The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...
CVSS 4.3 | AI Score 4.3 | EPSS 0.001
The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...
CVSS 4.3 | AI Score 5.2 | EPSS 0.001
The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the toggle_widget function. This makes it possible for unauthenticated attackers...
CVSS 4.3 | AI Score 5.1 | EPSS 0.001
The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the toggle_widget function. This makes it possible for unauthenticated attackers...
CVSS 4.3 | AI Score 4.2 | EPSS 0.001
The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the toggle_widget function. This makes it possible for unauthenticated attackers...
CVSS 4.3 | AI Score 4.6 | EPSS 0.001
The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...
CVSS 4.3 | AI Score 4.6 | EPSS 0.001
Lines of code Vulnerability details Impact When the _poolId and _id values are not within the expected range and appropriate bounds checking is not performed in the contract, it can result in high risk and vulnerabilities. Here are some potential risks and vulnerabilities that can arise: Invalid...
AI Score 7.6
Position ownership could be transferred to zero address
Lines of code Vulnerability details Impact Ownership of a Position could be transferred to zero address. This is usually caused by mistake but the consequence is loss of collateral. Proof of Concept The position owner calls transferOwnership but accidentally set newOwner address to 0x0. Tools Used....
AI Score 6.8
Lines of code https://github.com/code-423n4/2023-04-frankencoin/blob/1022cb106919fba963a89205d3b90bf62543f68f/contracts/MintingHub.sol#L54-L57 https://github.com/code-423n4/2023-04-frankencoin/blob/1022cb106919fba963a89205d3b90bf62543f68f/contracts/MintingHub.sol#L124...
AI Score 6.8
yuan1994/tpadmin is vulnerable to Arbitrary File Upload. The vulnerability exists because the library does not properly validate files uploaded in Upload.php, allowing an attacker to bypass the file upload restrictions and take over server...
CVSS 7.2 | AI Score 6.9 | EPSS 0.002
prague-trade.cz Cross Site Scripting vulnerability OBB-3261808
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 5.9
WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting
WordPress Watu Quiz plugin before 3.3.9.1 is susceptible to cross-site scripting. The plugin does not sanitize and escape some parameters, such as email, dn, date, and points, before outputting them back in a page. An attacker can inject arbitrary script in the browser of an unsuspecting user in...
CVSS 6.1 | AI Score 6 | EPSS 0.003
A user can mint a PFP NFT multiple times using the same _nftId
Lines of code Vulnerability details Impact A user might unintentionally "intentionally" try to take advantage of the mint() function in ProfilePicture.sol Proof of Concept The pfp mapping stores the pfp data per NFT, L31-32 of Profilepicture.sol /// @notice Stores the pfp data per NFT...
AI Score 6.8
Lines of code Vulnerability details This is a report of a finding in bootloader.yul. While the file is out of scope of the contest, the sponsor stated that they would still accept findings in the file and would judge them separately from the contest. Impact A bytecode hash for which the bytecode...
AI Score 6.9
Users pay excessive gas cost for sending bytecode hashes to L1
Lines of code Vulnerability details Impact When deploying new contracts, users are forced to pay more gas than is required to publish the bytecode hash to the L1. Proof of Concept When users deploy new smart contracts, the protocol marks the hashes of the bytecodes of the contracts as known and...
AI Score 6.9
prague-ticket-concert.com Cross Site Scripting vulnerability OBB-3225115
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Lines of code https://github.com/code-423n4/2023-03-aragon/blob/4db573870aa4e1f40a3381cdd4ec006222e471fe/packages/contracts/src/framework/plugin/repo/PluginRepoFactory.sol#L122 Vulnerability details Impact Detailed description of the impact of this finding. Any developer can create their plugin...
AI Score 7.3
The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVSS 6.1 | AI Score 6.1 | EPSS 0.003
The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVSS 6.1 | AI Score 6 | EPSS 0.003
The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVSS 6.1 | AI Score 6.1 | EPSS 0.003
GitHub Security Lab audited DataHub: Here’s what they found
At GitHub, we really care about open source security and love to help maintainers to secure their code. That is indeed the mission of the GitHub Security Lab. As users of open source software (OSS), we also love to contribute back to the community by helping improve the security posture of the OSS....
CVSS 9.8 | AI Score 0.3
Inadequate Maximum Orders Value in Determining Minimum Buy Amount Per Order
Lines of code Vulnerability details Impact The MAX_ORDERS constant is defined as a uint96, which has a maximum value of 2^96-1. This means that the maximum number of orders that the contract is able to handle is 2^96-1. However, if the number of orders exceeds this maximum value, the calculation...
AI Score 7.2
prague-ticket-concert.com Cross Site Scripting vulnerability OBB-3103858
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score -0.2
depositAndTrade::exactInputSingleParams the possible return values not checked
Lines of code Vulnerability details Impact The return values from _collateral.deposit() and _collateral.transferFrom() are not used. This means that the values returned by those functions will not be stored or used in the code. The _swapRouter.exactInputSingle() function also likely returns no....
AI Score 6.6
Overflow in BinMap can break pool
Lines of code https://github.com/code-423n4/2022-12-Stealth-Project/blob/fc8589d7d8c1d8488fd97ccc46e1ff11c8426ac2/maverick-v1/contracts/libraries/BinMap.sol#L31...
AI Score 6.9
Update initializer library to prevent reentrancy during initialization
Lines of code Vulnerability details Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an external initializer function, usually called initialize. It then becomes necessary to protect this initializer function so it can only be called once. The...
AI Score 6.8
Missing msg.value when executing the cross-chain request
Lines of code https://github.com/pooltogether/ERC5164/blob/5647bd84f2a6d1a37f41394874d567e45a97bf48/src/ethereum-optimism/EthereumToOptimismExecutor.sol#L45 https://github.com/pooltogether/ERC5164/blob/5647bd84f2a6d1a37f41394874d567e45a97bf48/src/ethereum-polygon/EthereumToPolygonExecutor.sol#L57.....
AI Score 7.2
CrossChainExecutor contracts do not update the necessary states for failing transactions.
Lines of code https://github.com/pooltogether/ERC5164/blob/5647bd84f2a6d1a37f41394874d567e45a97bf48/src/ethereum-arbitrum/EthereumToArbitrumExecutor.sol#L31-L45 Vulnerability details Impact The CrossChainExecutorArbitrum and CrossChainExecutorOptimism contracts both use CallLib library to invoke...
AI Score 7.2
DoS on relayCalls when the nonce variable reach type(uint256).max
Lines of code https://github.com/pooltogether/ERC5164/blob/5647bd84f2a6d1a37f41394874d567e45a97bf48/src/ethereum-optimism/EthereumToOptimismRelayer.sol#L49-L78...
AI Score 6.7