52 matches found
CVE-2026-31625
In the Linux kernel, the following vulnerability has been resolved: HID: alps: fix NULL pointer dereference in alpsrawevent Commit ecfa6f34492c "HID: Add HIDCLAIMEDINPUT guards in rawevent callbacks missing them" attempted to fix up the HID drivers that had missed the previous fix that was done i...
CVE-2025-58437
Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...
Linux Distros Unpatched Vulnerability : CVE-2020-10577
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race conditio...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from btusb mediatek not locking when calling usbdriverclaiminterface, which could result in an error...
CVE-2024-50381
CVE-2024-50381 affects Snap One OvrC Cloud. The Red Hat/NVD/ICS data show the issue: an attacker can impersonate a hub and send requests to claim/unclaim devices using the MAC address, enabling remote access/control within OvrC Pro. Affected product: OvrC Pro (all versions before 7.3). Impact and...
CVE-2024-38368
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...
CVE-2024-38368 Trunk's 'Claim your pod' could be used to obtain un-used pods
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...
CVE-2024-38368
CVE-2024-38368 concerns CocoaPods trunk authentication server vulnerability where unclaimed pods could be claimed or where all owners could be removed, enabling takeover of pods migrated from the pre-2014 workflow to trunk. The issue stems from how ownership was managed on CocoaPods’ trunk server...
Users of ReraiseCrowdfund will potentially not receive appropriate voting power
Lines of code Vulnerability details Bug Description The recent code update introduces the functionality for authorities to reduce the total voting power by invoking the decreaseTotalVotingPower function of the party. However, this functionality can lead to issues when used in the time frame after...
Front-Running Vulnerability: Exploiting Reward Updates for Maximized Payouts
Lines of code Vulnerability details Impact Malicious users claim rewards at a higher rate than what was intended by front-running governance actions meant to reduce rewards. This allows them to claim rewards at a higher rate than what was intended, undermining the protocol's intended economic...
Prime.sol - User can claim Prime token without having any staked XVS, because his stakedAt isn't reset whenever he is issued an irrevocable token.
Lines of code Vulnerability details Impact Whenever a new Prime token is created, the users stakedAt is reset to 0. This happens when the user claim a revocable token and when he is issue a revocable token, but it does not happen when a user is issue an irrevocable token. This is issue function...
User Score Not Updated During Interest Claim, Leading to Incorrect Interest Calculations
Lines of code Vulnerability details Impact This oversight in the contract logic may lead to incorrect interest calculations for users. Specifically, if a user's balance or the factors contributing to the score changes between interest accruals due to actions outside of staking more tokens, the...
Misaligned Epoch Calculation for Reward Claims
Lines of code Vulnerability details Impact When users attempt to claim rewards, the contract calculates the claimEnd and subsequently updates the userClaimedEpoch using claimEnd + WEEK. This might result in misaligned epochs in scenarios where claimUpToTimestamp is less than or more than a week. ...
Malicious claimer could arbitrage the prize-claiming functionality
Lines of code Vulnerability details Impact The feePerClaim is a user controlled parameter which tops at tierLiquidity.prizeSize for a given tier see here for that. That means the CLAIMER can set arbitrary fees for a given call to claimPrize to increase maliciously the collected fees with //...
Unauthorized Access to Tokens in returnTokensToOwner function.
Lines of code Vulnerability details Impact returnTokensToOwner Function: Attack Surface: This function allows the DAO contract to unescrow tokens and return them to the original owner. The returnTokensToOwner function allows the DAO contract to unescrow tokens by transferring them from the...
The merkle tree might be revoked again after being used to claim rewards.
Lines of code Vulnerability details Impact The merkle tree might be revoked again after being used to claim rewards. Proof of Concept The governor can revoke the merkle tree using revokeTree. function revokeTree external onlyGovernorOrGuardian if disputer != address0 revert UnresolvedDispute;...
Poor detection of disputed trees allows claiming tokens from a disputed tree
Lines of code Vulnerability details Targets Impact Users can claim rewards from a Merkle tree that's being disputed. This can potentially lead to loss of funds since a malicious trusted EOA can claim funds from a malicious tree while it's being disputed. Proof of Concept The...
Rage quitter loses his claimable share of distributed tokens
Lines of code Vulnerability details Impact Rage quitter loses his claimable share of distributed tokens. Proof of Concept PartyGovernanceNFT.rageQuit burns a governance NFT and transfers its share of the balance of ETH and tokens: // Burn caller's party card. This will revert if caller is not the...
CVE-2023-31241
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright...
Information disclosure
Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether th...