Lucene search
K

227 matches found

Cvelist
Cvelist
added 2025/05/15 5:24 p.m.26 views

CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...

6.3CVSS0.00371EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.4 views

PT-2025-21348

Name of the Vulnerable Software and Affected Versions: Vyper versions up to and including 0.4.2rc1 Description: The issue concerns the slice builtin in Vyper, which can elide side effects when the output length is 0 and the source bytestring is a builtin, such as msg.data or .code. This occurs...

6.3CVSS6.1AI score0.00384EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.4 views

PT-2025-21347

Name of the Vulnerable Software and Affected Versions: Vyper versions up to and including 0.4.2rc1 Description: The issue arises from the concat function potentially skipping the evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation tha...

6.3CVSS6.2AI score0.00371EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.6 views

Vyper 安全漏洞

Vyper is a Pythonic smart contract language for EVM open sourced by vyperlang. A security vulnerability exists in Vyper 0.4.2rc1 and earlier versions, which stems from a slice function that may skip side-effect evaluation when the output length is zero...

6.3CVSS5.4AI score0.00384EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.5 views

Vyper 安全漏洞

Vyper is a Pythonic smart contract language for EVM open sourced by vyperlang. A security vulnerability exists in Vyper 0.4.2rc1 and earlier versions, which stems from concat potentially skipping side-effect evaluation when the parameter length is zero...

6.3CVSS5.4AI score0.00371EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2025/04/14 12:0 a.m.282 views

📄 Langflow AI Remote Code Execution

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS10AI score0.9999EPSS
Exploits33
OSV
OSV
added 2025/02/21 10:43 p.m.4 views

GHSA-H33Q-MHMP-8P67 Vyper has a double eval in For List Iter

Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body e.g. read a storage variable updated in the loop body and thus lead to unexpected progra...

2.3CVSS5.8AI score0.00412EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2025/02/21 10:43 p.m.20 views

Vyper has a double eval in For List Iter

Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body e.g. read a storage variable updated in the loop body and thus lead to unexpected progra...

7.5CVSS7AI score0.00412EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/10/23 5:22 p.m.10 views

GHSA-HF59-7RWQ-785M In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.

Impact What kind of vulnerability is it? Who is impacted? In certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would allow their hooks side effects to be performed when they...

5.3CVSS5.4AI score0.00499EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/10/23 5:22 p.m.16 views

In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.

Impact What kind of vulnerability is it? Who is impacted? In certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would allow their hooks side effects to be performed when they...

5.3CVSS5.4AI score0.00499EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2024/10/23 5:15 p.m.12 views

CVE-2024-49756

AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would...

5.3CVSS0.00499EPSS
Exploits0References4
CVE
CVE
added 2024/10/23 5:4 p.m.48 views

CVE-2024-49756

AshPostgres (Ash Framework data layer) has a vulnerability in versions 2.0.0 through 2.4.9 where update actions that are empty (no field changes) could skip policies and trigger side effects. The issue is limited to such actions and does not enable reading new data. It requires specific condition...

5.3CVSS5.2AI score0.00499EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/10/23 5:4 p.m.24 views

CVE-2024-49756 AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.

AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would...

5.3CVSS0.00499EPSS
Exploits0References4
OSV
OSV
added 2024/10/23 5:4 p.m.10 views

CVE-2024-49756 AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.

AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would...

5.3CVSS6.6AI score0.00499EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/10/23 5:4 p.m.14 views

CVE-2024-49756 AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.

AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would...

5.3CVSS5.3AI score0.00499EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.152 views

Cisco DCNM Auth Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'securerandom' require 'base64' class MetasploitModule 'Cisco DCNM auth bypass', 'Description' = %q This exploit is able to add an admin account to a Cisco DCNM...

10CVSS7AI score0.85649EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.1478 views

CVE-2023-21554 QueueJumper - MSMQ Remote Code Execution Check

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'bindata' class MetasploitModule 'CVE-2023-21554 - QueueJumper - MSMQ RCE Check', 'Description' = %q This module checks the provided hosts for the CVE-2023-21554...

9.8CVSS7AI score0.95454EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.173 views

Netgear R7000 Backup.cgi Heap Overflow Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear R7000 backup.cgi Heap Overflow RCE', 'Description' = %q This module exploits a heap buffer overflow in the genie.cgi?backup.cgi page of...

8.8CVSS7AI score0.14177EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.257 views

Windows IIS HTTP Protocol Stack Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows IIS HTTP Protocol Stack DOS', 'Description' = %q This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafte...

9.8CVSS7.4AI score0.99657EPSS
Exploits24
Metasploit
Metasploit
added 2024/08/28 6:53 p.m.276 views

Gather electerm Passwords

This module will determine if electerm is installed on the target system and, if it is, it will try to dump all saved session information from the target. The passwords for these saved sessions will then be decrypted where possible. Module Options msf use post/multi/gather/electerm msf postelecte...

6.9AI score
Exploits0
Rows per page
Query Builder