17 matches found
CVE-2026-34874
An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...
Delegation to address(0) causes permanent loss of voting power
Lines of code Vulnerability details Impact As stated in the comment on line 12 of NontransferableERC20Votes.sol, delegation of vote power can be done through the delegate function or by providing a signature to be used with delegateBySig. However, these functions do not prevent users from...
An artPiece with a creator address set to address(0) leads to a pseudo-permanent DoS if it ends up being auctioned.
Lines of code Vulnerability details Description There is a potential for a DoS in the AuctionHouse contract related to the buyToken call from the ERC20TokenEmitter. This is due to the buyToken using the mint function to all the addresses that are stored on the creators array...
CVE-2023-40014 OpenZeppelin Contracts's ERC2771Context with custom forwarder may lead to zero-valued _msgSender
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see _msgSender return address(0) in calls that originate from the forwarder with calldata shorter...
c-ares: Buffer Underwrite in ares_inet_net_pton()
A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton function, which is vulnerable to a buffer underflow for certain IPv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. c-ares only uses this function internally for configuration purposes, which woul...
GHSA-WFG4-322G-9VQV memoffset allows reading uninitialized memory
memoffset allows attempt of reading data from address 0 with arbitrary type. This behavior is an undefined behavior because address 0 to std::mem::size_of may not have valid bit-pattern with T. Old implementation dereferences uninitialized memory obtained from std::mem::align_of. Older implementati...
Insecure Ownership Management in DNSSECImpl.sol
Lines of code Vulnerability details Impact This finding highlights a potential security risk related to the lack of safeguards when changing ownership in the DNSSECImpl.sol contract. As it stands, the current implementation allows for the owner to be set to address(0), which could result in the los...
In case the winner is the address(0)
Lines of code Vulnerability details Impact Temporary freezing NFT this can be more than one period Proof of Concept On VRFNFTRandomDraw.fulfillRandomWords: request.currentChosenTokenId = randomWords[0] % tokenRange + settings.drawingTokenStartId; In case ownerOf(request.currentChosenToken...
Address(0) owner is dangerous
Lines of code Vulnerability details Impact If the current owner confirms the renouncement, the new owner will have address zero. In this case no new owner can be assigned and the functions with onlyOwner modifier will be un-callable forever. Proof of Concept This mechanism is dangerous, because i...
Quotetoken can be address(0) or any EOA and still allow auctions and bids to be created
Lines of code Vulnerability details Impact createAuction in SizeSealed.sol performs no validation of the auction parameters AuctionParameters sent to it and will allow a Seller to create an auction with an ERC20 quoteToken of address(0) putting at risk the baseToken that has real value. In addition...
RUSTSEC-2022-0063 Multiple vulnerabilities resulting in out-of-bounds writes
The heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 sizeof:: because of metadata write operations. When calling Heap::extend with a size smaller than two...
User can set auctioneer to address(0) to prevent vault from being liquidated
Lines of code Vulnerability details Impact Vault cannot be liquidated Proof of Concept auction can be called with any address as the 'to' address. A majority of ERC20 tokens will revert if a transfer is initiated to address(0), notably, including USDC. Since the auctioneer is paid each time a payme...
IStaking(contracts[i]).canBatchContracts() will revert due to the fact that contracts[i] can contain address(0)
Lines of code Vulnerability details Issue: canBatchContracts will revert due to the fact that contracts[i] can contain address(0) as an address which will revert the whole call. Affected Code File: BatchRequests.sol 33: function canBatchContracts external view returns Batch memory 34: uint256...
SpeedBumpPriceGate.sol and FixedPricePassThruGate.sol should check whether gate.beneficiary is address(0)
Lines of code Vulnerability details Impact In SpeedBumpPriceGate\addGate and FixedPricePassThruGate\addGate, it doesn’t check whether gate.beneficiary is address(0). Therefore, when doing passThruGate, ETH will be sent to address(0). These ETH can never be taken back. Proof of Concept beneficiary can...
Setting the minter address to address(0) can lead to breaking the contract set.
Lines of code Vulnerability details Impact The highlighted issue can lead to breaking the functionality of the contract set. Proof of Concept At certain set functions in the codebase, we are allowing setting the values to address(0) or the case where old address = new address. This was observed in...
Beebots.TradeValid() Will Erroneously Return True When Maker Is Set To Address(0) and makerIds Are Set To The TokenIds of Unminted Beebot NFTs
Handle jvaqa Vulnerability details Impact Beebots.TradeValid Will Erroneously Return True When Maker Is Set To Address(0) and makerIds Are Set To The TokenIds of Unminted Beebot NFTs Beebots.verify Returns True No Matter What Signature Is Given When Signer Is Set To address(0). This means that...
Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem Exploit
Linux mem_rw -> access_remote_vm -> __access_remote_vm -> get_user_pages_remote -> __get_user_pages_locked -> __get_user_pages -> find_extend_vma Then, if the VMA in question has the VM_GROWSDOWN flag set: expand_stack -> expand_downwards -> security_mmap_addr -> cap_mmap_addr This, if the address is below dac_mmap_min_addr, does a...