Lucene search
K

40 matches found

CVE
CVE
added 2026/04/22 9:25 p.m.22 views

CVE-2026-41175

Statamic CMS (Laravel/Git-based) prior to 5.73.20 and 6.13.0 is affected. The issue stems from unsafe method invocation during query value resolution, enabling data destruction via manipulated query parameters on Control Panel, REST API endpoints, or GraphQL queries. Exploitation requires REST/Gr...

8.1CVSS5.7AI score0.00304EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.8 views

Statamic 安全漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. There were security vulnerabilities in versions prior to Statamic 5.73.20 and 6.13.0, which stemmed from insufficient...

8.1CVSS5.8AI score0.00304EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.6 views

PT-2026-34571

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.20 Statamic versions prior to 6.13.0 Description Manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, can lead to the loss of content, assets, and user accounts...

8.1CVSS5.8AI score0.00304EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-5158

Malware in sbrugna...

7.5CVSS7.6AI score0.00988EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-5174

Malware in sbrugna...

7.5CVSS7.6AI score0.01033EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/10/01 12:42 a.m.10 views

CVE-2025-56207

A security flaw in the 'transfer' function of a smart contract implementation for Money Making Opportunity MMO, an Ethereum ERC721 Non-Fungible Token NFT project, allows users or attackers to transfer NFTs to the zero address, leading to permanent asset loss and non-compliance with the ERC721...

6.5CVSS6.8AI score0.00306EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.6 views

PT-2025-40008

Name of the Vulnerable Software and Affected Versions Money Making Opportunity versions prior to v0.8.17+commit.8df45f5f Description A flaw exists in the transfer function of a smart contract used by Money Making Opportunity, an Ethereum ERC721 Non-Fungible Token NFT project. This allows for the...

6.5CVSS6.5AI score0.00306EPSS
Exploits0References5
CVE
CVE
added 2025/09/30 12:0 a.m.11 views

CVE-2025-56207

The CVE-2025-56207 entry concerns Money Making Opportunity (MMO), an Ethereum ERC-721 NFT project. The vulnerability is in the contract’s _transfer function, which can cause NFTs to be sent to the zero address, resulting in permanent asset loss and ERC-721 non-compliance. Affected details include...

6.5CVSS6.4AI score0.00306EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.6 views

The staker could silently lose all their previously deposited assets when revert TokenTransferFailed() is called

Lines of code Vulnerability details Impact The staker could silently lose all their deposited assets in the NodeDelegator.sol function when they time to transfer their assets. This could happen when the staker owns assets in the Eigen but it is not enough to be transferred when the calculated...

7.5AI score
Exploits0
Code423n4
Code423n4
added 2023/10/24 12:0 a.m.12 views

Upgraded Q -> 2 from #2037 [1698131784473]

Judge has assessed an item in Issue 2037 as 2 risk. The relevant finding follows: L‑01 Early users can modify the underlying assets’ unit share price Summary: ERC4626, an extension of ERC20, is a standard that is mostly used in yield-bearing tokens. The contract of an ERC4626 token itself is an...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/14 12:0 a.m.6 views

lack of failsafe mechanism to replay the failed transaction between source chain and destination chain. This would lead to loss of funds to user when transaction is failed.

Lines of code Vulnerability details Impact When the transaction fails in any of chain source or destination, it never be replayed. This would lead to loss of assets if the the transaction is target for token transfer. Similarly other issue can happen. Proof of Concept Centrifuge used the cross...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.9 views

createLock, increaseAmount int128(int256(_value)) unsafe downcast can lead to asset loss

Lines of code Vulnerability details Impact Suppose users deposit more than typeint128.max value through createLock and increaseAmount, they may get less voting power and can't get the assets back. Proof of Concept The VotingEscrow.sol is forked from FIATDAO, but it seems don't consider a MEDIUM...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.5 views

Possible Issues Related to Well Initial State

Lines of code Vulnerability details Description && Impact After creating the Well contract, there will be no reserves in the initial state. Therefore it could lead to the following possible issues and the attackers can take advantage of them through front running. 1. Price manipulation attacks Wh...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/23 12:0 a.m.12 views

The calculateWithExactInput uses the same state's values for all transactions in the block

Lines of code Vulnerability details Impact The calculateWithExactInput uses the same state's values for all transactions. So all checks which should regulate swapped amounts will be broken. It can be a case of asset loss if there will be a significant amount of transactions in one block. Proof of...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/04/19 12:0 a.m.7 views

Result of transferFrom and transfer are not checked.

Lines of code Vulnerability details M-01 result of transferFrom and transfer are not checked. It may lead to assets lost if the transfer is somehow failed. below are some examples: contracts/Position.sol 138: collateral.transferFrommsg.sender, addressthis, newCollateral - colbal; 228:...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/02/07 12:0 a.m.12 views

ERC4626 vault shares can be maliciously inflated

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The price of ERC4626 vault shares can be maliciously inflated during the first deposit, leading to the loss of assets for next depositors Proof of Concept Provide direct links to all referenced code in...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/21 12:0 a.m.8 views

Potential Manipulation Vulnerability in _validateOrdersAndPrepareToFulfill Function

Lines of code Vulnerability details Impact The smart contract may not be properly validated, which could lead to fraudulent or malicious orders being fulfilled. This could result in loss of assets or other financial damage to users of the contract. Additionally, if the validation process is not...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/01/19 12:0 a.m.20 views

First ERC4626 deposit can break share calculation

Lines of code Vulnerability details Impact ERC4626 vault share price can be maliciously inflated on the initial deposit, leading to the next depositor losing assets due to precision issues. Proof of Concept The first depositor of an ERC4626 vault can maliciously manipulate the share price by...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/19 12:0 a.m.34 views

First ERC4626 deposit can break share calculation

Lines of code Vulnerability details Impact The first depositor of an ERC4626 vault can maliciously manipulate the share price by depositing the lowest possible amount 1 wei of liquidity and then artificially inflating ERC4626.totalAssets. This can inflate the base share price as high as 1:1e18...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/19 12:0 a.m.9 views

User didn't get an lpToken when trying to add liquidity to the pair with some baseTokenAmount

Lines of code Vulnerability details Impact User didn't get an lpToken when trying to add liquidity to the pair with some baseTokenAmount. The user lost their asset since they didn't get any lpToken Proof of Concept Inside Pair.sol contract, the add function exist for adding liquidity to the pair...

6.8AI score
Exploits0
Rows per page
Query Builder