Lucene search
K

20 matches found

Snyk
Snyk
added 2026/05/06 8:42 p.m.11 views

Brute Force

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Brute Force via the check process. An attacker can gain unauthorized administrative access by submitting arbitrary user-id and token values to the...

9.3CVSS5.9AI score0.00339EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/11 12:16 a.m.3 views

Authorization Bypass Through User-Controlled Key

Overview @withstudiocms/auth-kit is an Utilities for managing authentication Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the DELETE /studiocmsapi/dashboard/api-tokens endpoint. An attacker can revoke API tokens belonging to other users,...

7.1CVSS5.9AI score0.00452EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/02/10 6:53 a.m.4 views

CVE-2026-2095

Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user...

9.8CVSS5.8AI score0.00507EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/23 6:31 p.m.8 views

Free5gc NRF is vulnerable to scope validation bypass via maliciously crafted targetNF value

An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck function in file internal/sbi/processor/accesstoken.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access...

9.1CVSS5.6AI score0.00307EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 11:8 p.m.8 views

CVE-2022-36447

An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the...

7.5CVSS6.9AI score0.00734EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2025/03/31 1:29 a.m.15 views

USN-7394-1: Doorkeeper vulnerabilities

Jonathan Clem and Justin Bull discovered that Doorkeeper could allow arbitrary token revocation and replay attacks. An attacker could possibly use this issue to gain unauthorized access to a system. CVE-2016-6582 It was discovered that Doorkeeper incorrectly handled storing client names. An...

9.1CVSS7.7AI score0.04685EPSS
Exploits0
Cvelist
Cvelist
added 2024/04/19 2:53 p.m.29 views

CVE-2024-32644 Evmos' transaction execution not accounting for all state transition after interaction with precompiles

Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit ...

9.1CVSS9.4AI score0.00943EPSS
Exploits0References3
Code423n4
Code423n4
added 2022/12/21 12:0 a.m.7 views

ownerMintUsingTokenId can brick the whole contract

Lines of code Vulnerability details Impact With the function ownerMintUsingTokenId, it is possible for the owner to mint a token with an arbitrary token ID. However, this can brick the whole contract and cause a situation where no more mints / buys are possible. This happens when a token ID is...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/05/15 12:0 a.m.9 views

ConvexCurveLPVault's _transferYield can become stuck with zero reward transfer

Lines of code Vulnerability details Now there are no checks for the amounts to be transferred via transferYield and processTreasury. As reward token list is external and an arbitrary token can end up there, in the case when such token doesn't allow for zero amount transfers, the reward retrieval...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/02/17 12:0 a.m.9 views

Unsafe ERC20 transfers are used in BribeVault and ThecosomataETH

Lines of code Vulnerability details Impact For some ERC20 tokens no revert occurs but false is returned if transfer failed for any reason. If this isn't checked, the system will enter a wrong state with an accounted, but not executed transfer. Such effect can pile up, messing the logic altogether...

7.1AI score
Exploits0
OSV
OSV
added 2019/03/05 11:29 p.m.18 views

CVE-2019-8336

HashiCorp Consul and Consul Enterprise 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual circumstances...

8.1CVSS6.8AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/03/05 11:29 p.m.18 views

CVE-2019-8336

HashiCorp Consul and Consul Enterprise 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual circumstances...

8.1CVSS7.2AI score0.01251EPSS
Exploits0References2
Prion
Prion
added 2018/07/04 12:29 a.m.13 views

Integer overflow

SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner...

5CVSS7.6AI score0.01024EPSS
Exploits0References2
NVD
NVD
added 2018/07/04 12:29 a.m.15 views

CVE-2018-13130

Bitotal TFUND is a smart contract running on Ethereum. The mintTokens function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner...

7.5CVSS7.6AI score0.00988EPSS
Exploits0References2
Prion
Prion
added 2018/07/04 12:29 a.m.16 views

Integer overflow

ATLANT ATL is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner...

5CVSS7.6AI score0.00988EPSS
Exploits0References2
CNVD
CNVD
added 2018/07/04 12:0 a.m.2 views

GVToken Genesis Vision (GVT) Integer Overflow Vulnerability

GVToken Genesis Vision GVT is a smart contract that runs on Ether. An integer overflow vulnerability exists in the mint function in GVToken Genesis Vision GVT. The vulnerability can be exploited by the contract owner to arbitrarily retrieve a minted token...

7.5CVSS7.2AI score0.00988EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/07/04 12:0 a.m.23 views

CVE-2018-13132

Spadeico is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner...

7.7AI score0.00988EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/07/04 12:0 a.m.23 views

CVE-2018-13128

Etherty Token ETY is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner...

7.7AI score0.00988EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2017/01/23 9:59 p.m.25 views

CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

9.1CVSS7.3AI score0.04685EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2017/01/23 9:0 p.m.33 views

CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

9.1CVSS9.3AI score0.04685EPSS
Exploits0
Rows per page
Query Builder