
18 matches found

GithubExploit
added 2026/03/13 4:05 p.m., 110 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Exploitable Conditions Agent: A GitHub Copilot agent that anal...

CVSS 10, AI score 5.8, EPSS 0.94358
Exploits: 342
Github Security Blog
added 2026/01/26 9:31 p.m., 10 views

AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion

An XML External Entity (XXE) vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes DocumentBuilderFactory with default settings, without disabling DTDs or external entities. This formatter is used by the isXmlEqualTo(CharSequence...

CVSS 9.1, AI score 5.9, EPSS 0.00029
Exploits: 0, References: 6, Affected Software: 1
CVE
added 2025/05/28 5:47 p.m., 50 views

CVE-2025-5256

CVE-2025-5256 Open Redirect in Mautic : The vulnerability affects the /s/action/unlock/user.user/0 endpoint where the returnUrl parameter is not properly validated, allowing an attacker to redirect users to arbitrary external sites. Reported impact includes phishing and delivery of exploits when ...

CVSS 5.4, AI score 5.5, EPSS 0.00187
Exploits: 0, References: 1
Code423n4
added 2023/09/06 12:00 a.m., 9 views

Transferring Bonds would create confusion among delegators because of non-deletion of unbondingLocks & assigning all the new delegators the same unbonding id

Lines of code. Vulnerability details: The transferBond function is used to transfer ownership of a bond to a new delegator, using optional hints if needed. Here the old unbond lock is deleted after creating a new one in the unbondWithHint function. But the problem lies in the delete operation, as it does n...

AI score 6.7
Exploits: 0
Code423n4
added 2023/06/02 12:00 a.m., 10 views

Marketplace may call onERC721Received() and create a lien during buyNftFromMarket(), creating divergence

Lines of code. Vulnerability details. Impact: The contract supports a "push-based" NFT supply, where the price and rate are embedded in the data bytes. This way, the lender doesn't need to additionally approve the NFT but can just transfer it directly to the contract. However, since the contract als...

AI score 7.1
Exploits: 0
Code423n4
added 2023/03/15 12:00 a.m., 8 views

Possible loss of rewards when staking non-component vaults

Lines of code. Vulnerability details. Impact: Users could gain fewer rewards if they stake a non-component vault, as compared to reassembling their S1 Citizen with the vault and staking it as a component vault. Vulnerability Details: From the repository's README.md: S1 Citizens without a component...

AI score 6.7
Exploits: 0
Code423n4
added 2023/02/07 12:00 a.m., 8 views

MultiRewardEscrow.claimRewards() can break for rebasing tokens

Lines of code. Vulnerability details: Rebasing tokens make balanceOf modifications arbitrarily, e.g. Aave share tokens. If such a token is used in an escrow, the balance could become insufficient at the time of claiming rewards, making it impossible to claim rewards for that escrow. Impact: Medium. Proo...

AI score 6.7
Exploits: 0
Huntr
added 2022/12/18 3:29 a.m., 14 views

Multiple Blind SQL Injection Vulnerabilities in Reports

Description: SQL injection typically allows an attacker to extract the entire database from the vulnerable website, including user information, encrypted passwords, and business data. This can subsequently lead to mass compromise of user accounts, data being encrypted and held to ransom, or stolen...

AI score 7.8
Exploits: 0, References: 1
Code423n4
added 2022/12/16 12:00 a.m., 14 views

Generalized frontrunning risk for claiming winnings due to request.currentChosenTokenId being public

Lines of code. Vulnerability details. Impact: The function VRFNFTRandomDraw.sol:fulfillRandomWords called by Chainlink receives an array of random words, and uses it to choose a random offset by which the winning tokenId is selected. The chosen tokenId is stored on the public request variable in the...

AI score 6.7
Exploits: 0
Code423n4
added 2022/11/08 12:00 a.m., 10 views

Contracts will not work correctly after February 2106. Vesting will be locked forever if withdrawn after February 2106.

Lines of code. Vulnerability details. Impact: Contracts will not work correctly after February 2106. Migration costs money and is risky. You shouldn't pass this work on to future programmers. You should fix it in the first place. In case anything went wrong during migration, a big fund loss will...

AI score 6.7
Exploits: 0
Code423n4
added 2022/08/15 12:00 a.m., 7 views

A malicious delegatee can always block the delegator from undelegating the lock

Lines of code. Vulnerability details. Impact: A user who has delegated his/her voting power to a delegatee can break his/her delegate only by submitting a lock with a higher expiration time than the delegatee after a successful call to the increaseUnlockTime function. After that, he has to call the...

AI score 6.8
Exploits: 0
Code423n4
added 2022/06/26 12:00 a.m., 8 views

_storeRebase() is called with the wrong parameters

Lines of code. Vulnerability details: storeRebase's signature is as such (Yieldy.sol, storeRebase). File: Yieldy.sol: /** @notice emits event with data about rebase, @param previousCirculating uint, @param profit uint, @param epoch uint */ function storeRebase(uint256...

AI score 6.8
Exploits: 0
Code423n4
added 2022/06/24 12:00 a.m., 10 views

_rejectBuyout() does not take buys and sells into account until next block, can lead to false effects due to timing

Lines of code. Vulnerability details. Impact: A buyout that should be rejected will be allowed to happen. Proof of Concept: The last user to call buy, who could have pushed rejectBuyout to reject the buyout, won't be accounted for because rejectBuyout is placed before the minting of new tokens. Therefore even ...

AI score 6.8
Exploits: 0
Code423n4
added 2022/05/30 12:00 a.m., 5 views

Wrong reward distribution in Bribe because deliverReward() won't set tokenRewardsPerEpoch[token][epochStart] to 0

Lines of code. Vulnerability details. Impact: Function deliverReward in the Bribe contract won't set tokenRewardsPerEpoch[token][epochStart] to 0 after transferring rewards. Gauge.getReward calls Voter.distribute, which calls Gauge.deliverBribes, which calls Bribe.deliverReward. So if Gauge.getReward or...

AI score 7
Exploits: 0
Code423n4
added 2022/04/29 12:00 a.m., 14 views

withdrawFees() function should require the to address to not be zero

Lines of code. Vulnerability details. Impact: withdrawFees doesn't check that the to address is not zero and sends the fee to the address without any check confirming that the admin has set the address. bentoBox doesn't accept transfers to the zero address; otherwise this could be high risk. Proof of Concept: As you can...

AI score 6.9
Exploits: 0
Code423n4
added 2022/04/06 12:00 a.m., 4 views

Might not get desired min loan amount if _originationFeeRate changes

Lines of code. Vulnerability details. Impact: Admins can update the origination fee by calling updateOriginationFeeRate. Note that a borrower does not receive their minLoanAmount set in createLoan; they only receive (1 - originationFee) * minLoanAmount, see lend. Therefore, they need to precalculate the...

AI score 6.8
Exploits: 0
Code423n4
added 2021/11/09 12:00 a.m., 9 views

Wrong assumption when updating token balance

Handle: rfa. Vulnerability details. Impact: When there is a movement of tokens in the swap and addLiquidity functions, the balance reserve is updated based on the difference between before and after the user transfers the token; however, if there is a user that accidentally sends a token to this...

AI score 6.8
Exploits: 0
Hacker One
added 2019/12/31 7:33 a.m., 42 views

Rocket.Chat: API Keys Hardcoded in Github repository

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling out the report! Summary: API Keys are ha...

AI score 7
Exploits: 0