1439 matches found

CNNVD
added 2023/12/21 12:0 a.m. | 1 view

WordPress theme Soledad code issue vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. A code issue vulnerability exists in WordPress theme Soledad version 8.4.1 and prior versions, which...

CVSS 9.8 | AI score 7 | EPSS 0.00562
Exploits 0 | References 2
Code423n4
added 2023/12/21 12:0 a.m. | 11 views

Modifying the loan term setting can default existing loans

Summary: Protocol admins can modify the loan term settings. This action can inadvertently default existing loans created under different terms. Impact: Positions in the Particle LAMM protocol are created for a configurable period of time, defined by the LOANTERM...

AI score 6.8
Exploits 0
Code423n4
added 2023/12/21 12:0 a.m. | 15 views

increaseLiquidity/decreaseLiquidity Lack of slippage protection

Vulnerability details: In ParticlePositionManager.mint, there is slippage protection by params.amount0Min / params.amount1Min. But in increaseLiquidity, pool.mint will also be executed. There is no slippage protection. function increaseLiquidity uint256 tokenId,...

AI score 7
Exploits 0
CNNVD
added 2023/12/20 12:0 a.m. | 3 views

WordPress Plugin Gravity Forms Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...

CVSS 9.8 | AI score 6.8 | EPSS 0.00616
Exploits 0 | References 3
CNNVD
added 2023/12/20 12:0 a.m. | 3 views

WordPress Plugin Master Slider Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists in...

CVSS 9.8 | AI score 6.8 | EPSS 0.00388
Exploits 0 | References 3
CNNVD
added 2023/12/20 12:0 a.m. | 4 views

WordPress Plugin User Submitted Posts Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...

CVSS 9.8 | AI score 6.8 | EPSS 0.00903
Exploits 0 | References 3
CNNVD
added 2023/12/20 12:0 a.m. | 5 views

WordPress Plugin Themify Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...

CVSS 9.9 | AI score 6.8 | EPSS 0.00584
Exploits 0 | References 3
CNNVD
added 2023/12/20 12:0 a.m. | 3 views

WordPress Plugin Symbiostock Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 9.1 | AI score 6.8 | EPSS 0.0064
Exploits 0 | References 3
Code423n4
added 2023/12/19 12:0 a.m. | 4 views

addRewardToken() does not remove old entries before adding new ones

Lines of code: 455, 280, 378, 411. Vulnerability details: Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can increase their voting power indefinitely, without having to...

AI score 7
Exploits 0
CNNVD
added 2023/12/13 12:0 a.m. | 2 views

Audiobookshelf Code Issue Vulnerability

Audiobookshelf is a self-hosted audiobook and podcast server from the audiobookshelf open-source project. A code issue vulnerability exists in Audiobookshelf 2.4.3 and earlier versions, which stems from the ability of a user with updated privileges to read arbitrary files, delete arbitrary files, and send a...

CVSS 8.1 | AI score 6.7 | EPSS 0.00607
Exploits 1 | References 3
CNNVD
added 2023/12/08 12:0 a.m. | 3 views

Google Pixel Security Breach

Google Pixel is a smartphone from the American company Google. Google Pixel has a security vulnerability that stems from the presence of a logic error in the code...

CVSS 6.7 | AI score 6.6 | EPSS 0.00109
Exploits 0 | References 3
Code423n4
added 2023/12/08 12:0 a.m. | 8 views

Unrestricted Unwrap Fee Changes: Instability, Market Disruption, and Loss of Trust

Impact: The current changeUnwrapFee function in the Ocean smart contract allows the owner to change the unwrap fee divisor with no restrictions, leading to several negative impacts: 1. Unstable Unwrap Fees: Frequent changes in the divisor can cause instability a...

AI score 7
Exploits 0
CNNVD
added 2023/11/30 12:0 a.m. | 3 views

Symbolicator Code Issue Vulnerability

Symbolicator is a symbol service for native stack traces and small dumps with symbol server support. A code issue vulnerability exists in Symbolicator versions 0.3.3 through 23.11.2, which stems from the fact that an attacker can use a specially crafted HTTP endpoint to allow Symbolicator to send...

CVSS 4.3 | AI score 7.1 | EPSS 0.00705
Exploits 0 | References 4
OSV
added 2023/11/28 6:15 p.m. | 4 views

CVE-2023-40056

SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account...

CVSS 8.8 | AI score 5.8 | EPSS 0.04814
Exploits 0 | References 2
NVD
added 2023/11/28 6:15 p.m. | 11 views

CVE-2023-40056

SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account...

CVSS 8.8 | EPSS 0.04814
Exploits 0 | References 2
Prion
added 2023/11/28 6:15 p.m. | 13 views

SQL injection

SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account...

CVSS 6.5 | AI score 8.7 | EPSS 0.04814
Exploits 0 | References 2 | Affected Software 1
CVE
added 2023/11/28 5:51 p.m. | 107 views

CVE-2023-40056

SolarWinds Orion Platform is affected by a SQL Injection Remote Code Execution vulnerability (CVE-2023-40056). The known flaw exists in the VimChartInfo class and arises from improper validation of a user-supplied string used to construct SQL queries, enabling remote code execution. Exploitation ...

CVSS 8.8 | AI score 8.5 | EPSS 0.04814
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2023/11/28 12:0 a.m. | 4 views

Ray Code Issues Vulnerabilities

Ray is a unified framework for scaling AI and Python applications open-sourced by ray-project. A code issue vulnerability exists in Ray versions 2.6.3 and 2.8.0. A remote attacker could exploit this vulnerability to execute arbitrary code via the Job Submission API...

CVSS 9.8 | AI score 7.7 | EPSS 0.81512
Exploits 6 | References 6
Prion
added 2023/11/22 5:15 p.m. | 32 views

Hardcoded credentials

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on GitHub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens...

CVSS 6.5 | AI score 7.3 | EPSS 0.00784
Exploits 1 | References 1 | Affected Software 1
Code423n4
added 2023/11/15 12:0 a.m. | 17 views

Biased rsETH price calculation in depositAsset results in lesser rsETH minted to user

Impact: The LRTDepositPool acts as a simplified vault allowing restakers to transfer their liquid staked tokens and receive rsETH tokens based on the current rsETH exchange rate. rsETH are minted to user by interacting with depositAsset function of LRTDepositPoo...

AI score 7
Exploits 0