Path Traversal
@backstage/backend-common is vulnerable to Path Traversal. The vulnerability is due to improper path checks in the resolveSafeChildPath function within paths.ts. Attackers could exploit this weakness to conduct path traversal attacks if they can inject symlink paths...
PT-2024-15699 · WordPress · Vk Block Patterns
Name of the Vulnerable Software and Affected Versions: VK Block Patterns plugin for WordPress versions up to, and including, 1.31.1.1 Description: The issue is due to missing or incorrect nonce validation on the vbp clear patterns cache function, making it possible for unauthenticated attackers t...
PT-2024-15454 · Youke365 · Youke365
Name of the Vulnerable Software and Affected Versions: Youke365 versions up to 1.5.3 Description: A critical issue was found in the Parameter Handler component, specifically in the file /app/api/controller/caiji.php. The manipulation of the url argument leads to server-side request forgery,...
CVE-2023-48298 Integer underflow leading to stack overflow in FPC codec decompression
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...
claimAuction can be reverted by any bidder, locking all funds and the prize.
Lines of code Vulnerability details Description claimAuction is used to redeem the auction's ERC-721 and refund all bidders that didn't win the auction. In this process, callbacks are sent to every single bidder via low-level calls that trigger fallbacks/receives and ERC721.safeTransferFrom. So,...
All the funds will be lost if the destination bridge is paused
Lines of code Vulnerability details Impact Destination bridge is pausable, so if for a chain a destination bridge is paused, all the funds being bridged from different source bridges from different chains will be lost. Proof of Concept Destination bridge inherits from the openzeppelin pausable. so...
Improperly tracking asset reserve for WETH
Lines of code Vulnerability details Impact Function RdpxV2Corewithdraw lets delegate owners withdraw their unused WETH. However, withdrawn amount is not deducted from totalWethDelegated, which causes WETH asset reserve tracked improperly. The impacts could be: 1. Function sync gets reverted when...
CVE-2021-33390
dpic 2021.04.10 has a use-after-free in the deletestringbox function in dpic.y. A different vulnerability than CVE-2021-32421...
GHSA-2GGP-CMVM-F62F ScanCode.io command injection in docker image fetch process
Command Injection in docker fetch process Summary A possible command injection in the docker fetch process as it allows to append malicious commands in the dockerreference parameter. Details In the function scanpipe/pipes/fetch.py:fetchdockerimage1 the parameter dockerreference is user...
PT-2023-4177 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: MLflow versions prior to 2.6.0 Description: The issue exists due to the failure to neutralize special elements used in an operating system command. This could allow an attacker to execute arbitrary commands or cause a denial of service. The...
PT-2023-20769 · Sourcecodester · Sourcecodester Lost/Found Information System
Name of the Vulnerable Software and Affected Versions: SourceCodester Lost and Found Information System version 1.0 Description: A critical issue was found in the function manager category of the file admin/?page=categories/manage category of the component GET Parameter Handler. The manipulation ...
CVE-2023-30088
An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjsexecute function in mjs.c...
CVE-2021-45985
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read...
PT-2023-10163 · Bestwebsoft · Bestwebsoft Contact Form Plugin
Name of the Vulnerable Software and Affected Versions: BestWebSoft Contact Form Plugin version 1.3.4 Description: A vulnerability was found in the BestWebSoft Contact Form Plugin and classified as problematic. The issue affects the function bws add menu render of the file bws menu/bws menu.php. T...
PT-2023-7275 · D Link · D-Link Dir-878
Name of the Vulnerable Software and Affected Versions: D-Link DIR878 version 1.30B08 Description: The issue is related to a stack overflow in the sub 498308 function, which can be exploited to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. This can be achieved by a...
Missing critical check of amount minted tokens in stake() -> deposit()
Lines of code Vulnerability details Impact No require to ensure that SfrxEth or WstEth is minted when calling in SafEth.sol stake - IDerivative.deposit function Proof of Concept In the deposit function in Reth.sol has a require statement to ensure that the token was actually minted. But there is ...
Denial Of Service (DoS)
liblouis.so is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the lousetDataPath function in compileTranslationTable.c because it does not check the length of a path before copying into the dataPath which allows an attacker to cause a buffer overflow which leads to an...
CVE-2023-0433
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225...
CSRF leading to delete a user
Description The deleting a user functionality is vulnerable to a CSRF attack. The cause is same with the deleting a domain functionality. Proof of Concept 1. Login as admin. 1. Create a user to be deleted. E.g. the user ID is 2. 1. Open the following file in the browser. html history.pushState'',...
PT-2022-36424 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.225 Description: A resource leak was discovered in the mv xor v2 remove function. The actual impact and attack plausibility have not yet been proven. This issue was introduced in version v4.16 and is fixed ...