Lucene search
K

152 matches found

OSV
OSV
added 2024/09/26 6:15 p.m.5 views

CVE-2024-45987

Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery CSRF via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent ...

6.5CVSS5.8AI score0.00229EPSS
Exploits1References1
Code423n4
Code423n4
added 2024/01/07 12:0 a.m.12 views

Upgraded Q -> 2 from #549 [1704652745528]

Judge has assessed an item in Issue 549 as 2 risk. The relevant finding follows: L-02 The first piece created can pass quorumVotes without any votes if totalSupply of ERC20 votes is zero --- The text was updated successfully, but these errors were encountered: All reactions...

7.1AI score
Exploits0
OSV
OSV
added 2023/11/27 5:15 p.m.4 views

CVE-2023-4642

The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition...

5.9CVSS5.8AI score0.00414EPSS
Exploits5References1
Prion
Prion
added 2023/11/27 5:15 p.m.20 views

Race condition

The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition...

2.6CVSS7AI score0.00414EPSS
Exploits5References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/27 12:0 a.m.2 views

PT-2023-30018 · WordPress · Kk Star Ratings

Name of the Vulnerable Software and Affected Versions: kk Star Ratings WordPress plugin versions prior to 5.4.6 Description: The issue allows a user to vote multiple times on a poll due to a Race Condition, as the plugin does not implement atomic operations. Recommendations: For versions prior to...

5.9CVSS5.6AI score0.00414EPSS
Exploits5References4
OSV
OSV
added 2023/11/14 7:15 a.m.5 views

CVE-2023-6109

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to on...

3.7CVSS5.8AI score0.00376EPSS
Exploits0References2
NVD
NVD
added 2023/11/14 7:15 a.m.25 views

CVE-2023-6109

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to on...

5.3CVSS0.00376EPSS
Exploits0References2
Prion
Prion
added 2023/11/14 7:15 a.m.23 views

Race condition

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to on...

2.6CVSS6.9AI score0.00376EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/14 6:39 a.m.8 views

CVE-2023-6109 YOP Poll <= 6.5.26 - Race Condition to Vote Manipulation

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to on...

5.3CVSS6.6AI score0.00376EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/11/14 6:39 a.m.33 views

CVE-2023-6109 YOP Poll <= 6.5.26 - Race Condition to Vote Manipulation

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to on...

5.3CVSS5.4AI score0.00376EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/13 12:0 a.m.4 views

PT-2023-32522 · WordPress · Yop Poll

Name of the Vulnerable Software and Affected Versions: YOP Poll plugin for WordPress versions up to, and including, 6.5.26 Description: The issue is due to a race condition caused by improper restrictions on the add function. This allows unauthenticated attackers to place multiple votes on a sing...

5.3CVSS5.3AI score0.00376EPSS
Exploits0References7
Cvelist
Cvelist
added 2023/10/16 9:9 p.m.43 views

CVE-2023-43814 Exposure of poll options and votes to unauthorized users in Discourse

Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the /polls/groupedpollresults endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where t...

3.7CVSS4.7AI score0.00314EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.13 views

Same multiple delegate values result in wrong calculation of delegated votes

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. If by mistake same delegate value is given multiple times to targets array then delegation of votes is wrongly calculated. Proof of Concept Provide direct links to all referenced code in GitHub. Add...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/09/14 12:0 a.m.9 views

Assumptions are currently made that prices would forever be positive

Lines of code Vulnerability details Impact Neglecting the potential for negative asset prices can lead to inaccurate value representation in the Liquidity Pool, possibly affecting calculations related to assets and tokens. It's crucial to note that the value of an asset, even if negative in the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.11 views

The quorum calculation in the _quorumReached() function is inconsistent and could allow abstain votes to prevent a proposal from reaching quorum even if most participating voters are in favor

Lines of code Vulnerability details Impact This allows abstain voters to effectively veto a proposal, even if most participating voters approve it. Proof of Concept The quorum numerator and denominator are inconsistent. The quorum uses totalVotes for the denominator which includes abstains. But t...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.10 views

setFullWeightDuration() can be called while a member election is ongoing

Lines of code Vulnerability details Bug Description In SecurityCouncilMemberElectionGovernorCountingUpgradeable, fullWeightDuration which is the duration where a user's votes has weight 1 can be set using setFullWeightDuration: SecurityCouncilMemberElectionGovernorCountingUpgradeable.solL77-L84...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.12 views

Stealing or reusing votes

Lines of code Vulnerability details Impact It is possible to reuse/steal user's votes if they are supposed to cast vote by signature. Proof of Concept Casting votes during nominee election and member election is possible by calling the functions: castVoteWithReasonAndParams...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.12 views

getPastCirculatingSupply() returns the ARB token supply instead of circulating votes supply

Lines of code Vulnerability details Bug Description In ArbitrumGovernorVotesQuorumFractionUpgradeable, the getPastCirculatingSupply function is used when calculating quorum for proposals: ArbitrumGovernorVotesQuorumFractionUpgradeable.solL31-L35 /// @notice Get "circulating" votes supply; i.e.,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.8 views

add_gauge doesn't initialize time_weight and update time_sum

Lines of code Vulnerability details Impact In Curve's implementation, when adding gauge, timeweight of gauge type is being initialized and timesum being updated. if self.timesumgaugetype == 0: self.timesumgaugetype = nexttime self.timeweightaddr = nexttime Since timesum has been set in constructo...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.10 views

Voting can fail in early stage of voting in case of voter's voting power increase .

Lines of code Vulnerability details Impact Voting may fail in early stage of voting in case of voter's voting power increase . Proof of Concept In CoreVoting.sol , in terms of voting again the logic in vote function looks like this : // if a user has already voted, undo their previous vote. //...

6.8AI score
Exploits0
Rows per page
Query Builder