Accrue interest function is likely to fail to accrue interest for tokens with low decimals
Lines of code. Vulnerability details. Impact: loss of precision is too high when accruing interest. Proof of Concept: when interest accrues, we are calling `uint256 interestAmount; { uint256 interestRate = IIRM(irm).getInterestRate(address(this), trancheIndex, totalDeposit, totalBorrow); ...`
7 AI Score
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Description: The latest version of Kimai is found to be vulnerable to a critical Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML.....
7.2 CVSS
8.8 AI Score
0.001 EPSS
Cross-language email validation. Backed by a database of over 55 000 throwaway email domains. Validates the format of your email (uses the validator.js email regex underneath and FILTER_VALIDATE_EMAIL for PHP) and validates that the email is not a temporary mail (yopmail-like..., add your own dataset to...
7.1 AI Score
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft
PoC for the ThemeBleed CVE-2023-38146 exploit (Windows 11...
8.8 CVSS
8.7 AI Score
0.905 EPSS
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credential Disclosure Vulnerability
The Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in login.htm and mail.htm that can allow security bypass and system...
7.4 AI Score
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure
Title: Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure
Advisory ID: ZSL-2023-5789
Type: Local/Remote
Impact: Security Bypass, Privilege Escalation, System Access, Exposure of System Information, Exposure of Sensitive Information
Risk: (5/5)
Release Date: 30.09.2023 ...
7.5 CVSS
7.2 AI Score
0.0004 EPSS
Magento LTS's guest order "protect code" can be brute-forced too easily
Impact: Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters, which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute-force attack....
7.5 CVSS
6.7 AI Score
0.001 EPSS
PrestaShop MyPrestaModules - PhpInfo Disclosure
PrestaShop modules by MyPrestaModules expose...
7.5 CVSS
7.6 AI Score
0.04 EPSS
Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military
Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed Infamous Chisel and attributed to a Russian...
7.5 AI Score
0.001 EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 14, 2023 to August 20, 2023)
Last week, 64 vulnerabilities disclosed in 67 WordPress plugins and 10 WordPress themes were added to the Wordfence Intelligence Vulnerability Database, and 37 vulnerability researchers contributed to WordPress security last week. Review those vulnerabilities...
9.8 CVSS
7.9 AI Score
Serial Codes Generator and Validator with WooCommerce Support < 2.4.15 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
4.8 CVSS
4.8 AI Score
0.0004 EPSS
H2 Database Web Interface Create Alias Remote Code Execution Exploit
The H2 database contains an alias function which allows arbitrary Java code to be used. This functionality can be abused to create an exec function to pull our payload down and execute it. H2's web interface restricts MANY characters, so injecting a payload directly is not...
7.4 AI Score
H2 Web Interface Create Alias RCE
The H2 database contains an alias function which allows arbitrary Java code to be used. This functionality can be abused to create an exec function to pull our payload down and execute it. H2's web interface restricts MANY characters, so injecting a payload directly is not...
7.4 AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 24, 2023 to July 30, 2023)
Last week, 64 vulnerabilities disclosed in 66 WordPress plugins and 3 WordPress themes were added to the Wordfence Intelligence Vulnerability Database, and 32 vulnerability researchers contributed to WordPress security last week. Review those vulnerabilities in....
9.8 CVSS
8.4 AI Score
Fuji Xerox / Fujifilm Printer Detection (HTTP)
HTTP-based detection of Fuji Xerox / Fujifilm printers...
7.1 AI Score
Imcat 4.4 - Phpinfo Configuration
Imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1...
7.5 CVSS
7.5 AI Score
0.014 EPSS