47 matches found

HackRead
added 2 days ago · 6 views

RaccoonLine Publishes 2026 dVPN Buyer’s Guide for Privacy-Focused Users

Rome, Italy, 1st June 2026, CyberNewswire...

5.8 AI score
Exploits: 0

The Hacker News
added 2025/09/17 11:3 a.m. · 2 views

Rethinking AI Data Security: A Buyer's Guide 

Generative AI has gone from a curiosity to a cornerstone of enterprise productivity in just a few short years. From copilots embedded in office suites to dedicated large language model (LLM) platforms, employees now rely on these tools to code, analyze, draft, and decide. But for CISOs and security...

6.8 AI score
Exploits: 0

Vulnrichment
added 2024/09/16 6:31 p.m. · 13 views

CVE-2024-45799 Javascript Injection in Vending Info/Buyers Info Module in FluxCP

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a...

7.3 CVSS · 7.3 AI score · 0.00118 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/09/16 6:31 p.m. · 16 views

CVE-2024-45799 Javascript Injection in Vending Info/Buyers Info Module in FluxCP

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a...

7.3 CVSS · 0.00118 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2024/05/09 12:0 a.m. · 1 views

PT-2024-14930 · WordPress · Shoplentor

Name of the Vulnerable Software and Affected Versions: ShopLentor plugin for WordPress versions up to, and including, 2.8.7 Description: The issue allows unauthorized access to data due to a missing capability check on the purchased new products function. This enables unauthenticated attackers to...

5.3 CVSS · 6.9 AI score · 0.00405 EPSS
Exploits: 0 · References: 4

Code423n4
added 2023/12/21 12:0 a.m. · 10 views

Some buyers wont get expected tokens minted due to precision loss

Lines of code Vulnerability details Impact The ERC20TokenEmitter.buyToken mints tokens according to the configured bps per address. This is due to the below code's implementation in buyToken function. for uint256 i = 0; i 0 // transfer tokens to address mintaddressesi, uint256totalTokensForBuyers...

6.9 AI score
Exploits: 0

Openbugbounty
added 2023/08/10 12:5 p.m. · 13 views

ctrestaurantbuyersguide.com Cross Site Scripting vulnerability OBB-3573547

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits: 0

Openbugbounty
added 2023/08/05 6:27 a.m. · 17 views

ctrestaurantbuyersguide.com Cross Site Scripting vulnerability OBB-3569408

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits: 0

Code423n4
added 2022/12/09 12:0 a.m. · 8 views

LAST PRICE DUTCH AUCTION SALE (LPDA) CAN BE EXPLOITED

Lines of code Vulnerability details Impact The function logic of buy in LPDA.sol can be exploited by shrewd buyers to achieve the lowest finalPrice possible. Proof of Concept LPDA.solL58-L89 function buyuint256 amount external payable uint48 amount = uint48amount; Sale memory temp = sale;...

6.8 AI score
Exploits: 0

Code423n4
added 2022/12/09 12:0 a.m. · 14 views

Funds reserved for refunding users can be steal in LPDA sale

Lines of code Vulnerability details Impact LPDA sale works like a Dutch Auction, where early buyers will get refund after the sale ended. In addition, in buy function, when last NFT is saled, it is automatically ending the LPDA sale and send payments to sale receiver, fee to fee receiver. And the...

7.1 AI score
Exploits: 0

Code423n4
added 2022/12/09 12:0 a.m. · 10 views

Loss of ETH for NFT buyers in LPDA contract

Lines of code Vulnerability details Impact The buy function of LPDA sale contract can be invoked with 0 as the input value and 0 ETH as the sent value (msg.value = 0). The buy function automatically ends the sale when newId == sale.finalId and distributes ETH to feeReceiver and saleReceiver. Since t...

7.1 AI score
Exploits: 0

Code423n4
added 2022/12/09 12:0 a.m. · 11 views

LPDA refund logic is broken, meaning buyers always get lowest price sale

Lines of code Vulnerability details Impact The protocol intends the LPDA to refunds buyers with the difference between the price they paid and the last sale price Once the sale has ended, the users must call refund to get their Ether refunds based on their purchase price and lowest sale price 99:...

6.7 AI score
Exploits: 0

Code423n4
added 2022/10/10 12:0 a.m. · 5 views

The amount of an ERC1155 token should be checked.

Lines of code Vulnerability details Impact For NFT token of type ERC1155, there may be multiple tokens with the same tokenId. Therefore, when processing orders of type ERC1155, it is necessary to check not only whether the tokenId of the NFT for both buyers and sellers are matched, but also the...

6.7 AI score
Exploits: 0

Openbugbounty
added 2022/08/07 1:15 p.m. · 14 views

buyers-advocate.net.au Cross Site Scripting vulnerability OBB-2828194

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Code423n4
added 2022/05/14 12:0 a.m. · 10 views

Race condition in exercising the options

Lines of code Vulnerability details Impact Option buyers might never exercise their options with a bad actor vault owner, hence creating trust issues to the platform since the promised functionality causes only loss of funds. Proof of Concept Alice creates a vault for her high valued NFT. Bob buy...

6.9 AI score
Exploits: 0

Code423n4
added 2022/05/14 12:0 a.m. · 9 views

Setting a high feeRate can block exercise or cause negative flow of funds

Lines of code Vulnerability details Impact When an admin intentionally or unintentionally sets a feeRate greater than 1e18 (100%), the exercise function can fail with arithmetic operation underflow at line 289 In the case, when beneficiary is connected to multiple vaults, the exercise function will...

6.8 AI score
Exploits: 0

Code423n4
added 2022/02/06 12:0 a.m. · 11 views

Sale operator may frontrun purchases in order to modify the price arbitrarily

Lines of code Vulnerability details Impact Buyer's cannot set a minimum amount of CTDL that they will expect so BadgerDAO can force them to receive a smaller amount than expected. Proof of Concept The buy function only allows the buyer to specify an amount of tokenIn to send to the contract and...

6.9 AI score
Exploits: 0

Code423n4
added 2022/02/06 12:0 a.m. · 12 views

[WP-H3] saleRecipient can rug buyers

Lines of code Vulnerability details In TokenSaleUpgradeable.solbuy, tokenIn will be transferred from the buyer directly to the saleRecipient without requiring/locking/releasing the corresponding amount of tokenOut. This allows the saleRecipient to rug the users simply by not transferring tokenOut...

6.7 AI score
Exploits: 0

Code423n4
added 2021/12/01 12:0 a.m. · 6 views

UniswapHandler vulnerable to sandwich bots

Handle Koustre Vulnerability details Impact Any user or contract that has the buyer role that uses the functions buyMalt and sellMalt will be vulnerable to sandwich attacks from bots that will causes slippage loses to users. Proof of Concept Provide direct links to all referenced code in GitHub...

7.1 AI score
Exploits: 0

Trend Micro Simply Security
added 2021/07/13 12:0 a.m. · 10 views

The Underground Exploit Market and the Importance of Virtual Patching

Over the past two calendar years, we conducted research on the underground exploit market to learn more about the life cycle of exploits, the kinds of buyers and sellers who transact, and the business models that are in effect in the underground...

3.2 AI score
Exploits: 0