29 matches found

RedHat Linux
added 2025/07/07 1:35 p.m. | 0 views

base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation.

A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding...

8.7 CVSS | 5.7 AI score | 0.00354 EPSS
Exploits 0 | References 6
RedHat Linux
added 2025/07/07 1:27 p.m. | 5 views

base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation.

A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding...

8.7 CVSS | 5.7 AI score | 0.00354 EPSS
Exploits 0 | References 6
CVE
added 2025/04/30 7:36 p.m. | 81 views

CVE-2025-27611

CVE-2025-27611 is a base-x homograph attack affecting the base-x base encoder/decoder. The shared issue, present in versions 4.0.0, 5.0.0, and all prior to 3.0.11, can allow Unicode lookalike characters to bypass validation, potentially deceiving users into sending funds to an unintended address....

8.7 CVSS | 6.5 AI score | 0.00354 EPSS
Exploits 0 | References 2
OSSF Malicious Packages
added 2024/08/29 10:57 a.m. | 3 views

Malicious code in crustyhttp (PyPI)

Base64-encoded commands are executed from init.py, which exfiltrate Telegram session data. --- -= Per source details. Do not edit below this line.=- Source: kam193 806b071147126057a7de9b570f85f694ad06923e4d580ddd5274731b5343f556 In the invokehttp, the init.py contains obfuscated code attempting t...

7.4 AI score
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 5:23 a.m. | 3 views

SUSE CVE-2015-0292

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact v...

7.5 CVSS | 7.7 AI score | 0.44741 EPSS
Exploits 1 | References 34
OSV
added 2018/12/12 7:29 p.m. | 3 views

CVE-2018-15717

Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes...

5.3 CVSS | 5.8 AI score | 0.00525 EPSS
Exploits 0 | References 1
CNVD
added 2016/02/17 12:0 a.m. | 2 views

DOKEOS SSO Authentication Bypass Vulnerability

Dokeos is an open source online education and course management system. A security vulnerability exists in DOKEOS. The vulnerability is caused by a variable type obfuscation error when comparing passwords to unserializable strings during authentication, SSO authentication is not possible...

7.3 AI score
Exploits 0 | References 1
Hacker One
added 2015/02/02 11:55 a.m. | 33 views

Vimeo: Brute force on "vimeo" cookie

I took at "vimeo" cookie "Vimeo authentication token" https://vimeo.com/cookielist And to show approximately my thought process I did: 1. compare two generated values from two different sessions of mine epk9rrdskc70pcdxxmrdmdx7jpcdxxmrdmdx7%2Cpv222v2mfw90w5dcv5wtkmsfffxfsxc2tdruxmcrt...

0.1 AI score
Exploits 0
OSV
added 2014/04/28 2:9 p.m. | 3 views

UBUNTU-CVE-2014-2383

dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the...

6.8 CVSS | 7.4 AI score | 0.39374 EPSS
Exploits 6 | References 3