7 matches found

Drupal
added 2026/02/25 12:0 a.m. | 12 views

Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017

This module enables you to easily theme and build an entire website using only your browser, without the need to write code beyond basic JSX and CSS. Content creators are able to compose content on any part of the page without relying on developers. The project has a hidden sub-module, Drupal...

5 CVSS | 5.6 AI score | 0.00287 EPSS
Exploits 0 | References 2
Code423n4
added 2023/08/07 12:0 a.m. | 14 views

RemoteOwner circular dependency at deployment time

Lines of code. Vulnerability details. Impact: The RemoteOwner.sol contract has a security measure that ensures the sender from the remote/origin chain was the origin chain owner i.e. a RngAuctionRelayerRemoteOwner.sol deployment, and this address is set at deployment time in the constructor. The...

6.6 AI score
Exploits 0
BDU FSTEC
added 2023/02/10 12:0 a.m. | 4 views

A vulnerability in GitLab, the Git-based platform for collaborative code development, allows an attacker to circumvent security restrictions.

The vulnerability in GitLab, the Git-based platform for collaborative code development, is related to shortcomings in the authentication process when managing keys and tokens using deployment scripts. Exploiting this vulnerability allows a malicious actor to circumvent security...

9.4 CVSS | 6 AI score | 0.0089 EPSS
Exploits 0 | References 8 | Affected Software 1
Code423n4
added 2021/06/23 12:0 a.m. | 13 views

Initialization functions can be front-run with malicious values

Handle: 0xRajeev. Vulnerability details. Impact: Most contracts have public visibility initialization functions that can be front-run, allowing an attacker to incorrectly initialize the contracts. Due to the use of the delegatecall proxy pattern, PrizePool/YieldSourcePrizePool/StakePrizePool,...

6.8 AI score
Exploits 0
Code423n4
added 2021/04/27 12:0 a.m. | 13 views

Initialization can be front-run in DAO.sol

Handle: 0xRajeev. Vulnerability details. Impact: Given the public access, this is susceptible to front-running by an attacker who can initialize this with arbitrary assets before the deployer. Reinitialization will require contract redeployment because initialization can be done only once. Reference:...

6.9 AI score
Exploits 0
Code423n4
added 2021/04/27 12:0 a.m. | 4 views

Initialization can be front-run in USDV.sol

Handle: 0xRajeev. Vulnerability details. Impact: Given the public access, this is susceptible to front-running by an attacker who can initialize this with arbitrary assets before the deployer. Reinitialization will require contract redeployment because initialization can be done only once. Reference:...

6.9 AI score
Exploits 0
Kitploit
added 2019/02/06 12:39 p.m. | 278 views

RedELK - Easy Deployable Tool For Red Teams Used For Tracking And Alarming About Blue Team Activities As Well As Better Usability In Long Term Operations

Red Team's SIEM - easy deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability for the Red Team in long term operations. Initial public release at BruCON 2018: Video: https://www.youtube.com/watch?v=OjtftdPts4g Presentation slides:...

6.9 AI score
Exploits 0 | References 2