104 matches found
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code...
CVE-2026-49738 TYPO3 CMS - Broken Access Control in File Abstraction Layer
The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...
Improper Synchronization
Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...
Improper Synchronization
Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...
Improper Synchronization
Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...
Apache MINA 代码问题漏洞
Apache MINA is a web application framework developed by the Apache Foundation in the United States. This product is primarily used for developing high-performance and highly scalable web applications. There were code vulnerabilities in versions of Apache MINA from 2.1.0 to 2.1.11, as well as in...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the sender allowance mechanism, which allowed remote attackers to access restricted messages ...
EUVD-2026-4136
Backstage has a Possible SSRF when reading from allowed URL's in backend.reading.allow...
WordPress plugin WP Job Portal 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
EUVD-2008-0587
Malware in sbrugna...
EUVD-2018-6011
Malware in sbrugna...
EUVD-2021-0065
Malware in sbrugna...
CVE-2025-30162
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...
CVE-2025-30163 Node based network policies may incorrectly allow workload traffic
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies fromNodes and toNodes will incorrectly permit traffic to/from non-node endpoints that share the labels specified in fromNodes and toNodes sections of network policies. Node based...
Malicious code in bsc-allowance (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05dca51de24dd5fe00f6891f7a049b449842a8eea930e4ffda9a41b6e3bf41a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-15 Malicious code in bsc-allowance (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05dca51de24dd5fe00f6891f7a049b449842a8eea930e4ffda9a41b6e3bf41a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Reentrancy in NextGenMinterContract.mint() allows exceeding max allowance and concurrent use of NFTs in NextGenMinterContract.burnToMint()
Lines of code Vulnerability details Impact 1. Bypassing maxAllowance in NextGenMinterContract.mint: Enables minting more NFTs than permitted. 2. Exploiting reentrancy in NextGenMinterContract.burnToMint: Allows acquiring both burnable and mintable NFTs at the same time. Proof of Concept The 1st...
NextGenMinterContract::mint can be reentered for sales option 3 to mint many NFTs in a single period and bypass viewMaxAllowance for any sales option
Lines of code Vulnerability details Impact The reentrancy vulnerability in the NextGenMinterContract::mint function allows an attacker to bypass the restriction of minting only one NFT per period. The reentrencies can be achieved from the safeMint in the function NextGenCore::mintProcessing to ca...
Possible sandwhich attack whenever a user with a surplus of allowance calls market.buy().
Lines of code Vulnerability details Impact Because the exact amount of allowance a user needs to mint his desired amount of shares isnt always a round number as shown via the market.getBuyPriceid, amount;. There could be users who might trust the contract blind & approve their entire balance in...
Adversary can reenter mint to bypass max allowance.
Lines of code github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/NextGenCore.solL189-L200 Vulnerability details Description MinterContract.mint calls NextGenCore.mint, which variables that accounts the amount of tokens each user minted is changed only after mintProcessing, that has a...