9 matches found
Environmental Rate Manipulation Attacks on Power Grid Security
The growing complexity of global supply chains has made hardware Trojans a significant threat in sensor-based power electronics. Traditional Trojan designs depend on digital triggers or fixed threshold conditions that can be detected during standard testing. In contrast, we introduce Environmenta...
CVE-2025-3038 code-projects Payroll Management System view_account.php sql injection
A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_account.php. The manipulation of the argument salaryrate leads to SQL injection. The attack may be initiated remotely. The exploit has...
CVE-2023-36528 WordPress kk Star Ratings plugin <= 5.4.3 - Rate Manipulation due to IP Spoofing Vulnerability
Missing Authorization vulnerability in properfraction kk Star Ratings kk-star-ratings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects kk Star Ratings: from n/a through = 5.4.3...
CVE-2023-36528 WordPress kk Star Ratings plugin <= 5.4.3 - Rate Manipulation due to IP Spoofing Vulnerability
Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects kk Star Ratings: from n/a through 5.4.3...
PT-2024-12570 · Unknown · Kk Star Ratings
Name of the Vulnerable Software and Affected Versions: KK Star Ratings versions 5.4.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in the KK Star Ratings plugin, allowing rate manipulation via IP spoofing. This vulnerability exploits incorrectly configure...
First mint user can inflate share which can steal asset from other user
Lines of code Vulnerability details Impact A well-known inflation attack/first deposit mint bug. The attacker can steal assets from other user's deposit mint. Proof of Concept The Moonwell project is a fork from the Compound Protocol. The MToken the MToken on Compound represents a yield-bearing...
Upgraded Q -> 3 from #74 [1679875886032]
Judge has assessed an item in Issue 74 as 3 risk. The relevant finding follows: Exchange Rate can be manipulated if positions are big enough for a long enough time
Steal deposit fund in ERC4626 vault by exchange rate manipulation
Lines of code Vulnerability details Impact Although the PirexERC4626 and AutoPxGlp contract check for 0 shares, the rounding down error can still be used to steal new user deposit. Part of the new deposit could be stolen. The attacker may monitor the pool activities to catch the steal...
Manipulation of the Y State Results in Interest Rate Manipulation
Handle Rhynorater Vulnerability details Impact Due to lack of constraints on user input in the TimeswapPair.sol mint function, an attacker can arbitrarily modify the interest rate while only paying a minimal amount of Asset Token and Collateral Token. Disclosure: This is my first time attempting...