paucheTranche state can be set to arbitrary value

Lines of code Vulnerability details Impact paucheTranche state can be set to arbitrary value Proof of Concept the protocol has this concept of tranche id and borrower tier, the higher borrower tier means high risk lower borrower tier means low risk but when liquidation happens if the...

PT-2023-18894 · WordPress · Caldera Forms Google Sheets Connector

Name of the Vulnerable Software and Affected Versions: Caldera Forms Google Sheets Connector WordPress plugin versions prior to 1.3 Description: The issue is related to the lack of a CSRF check when updating the Access Code in the Caldera Forms Google Sheets Connector WordPress plugin. This could...

WordPress plugin WooCommerce Google Sheet Connector 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

Users who stake at the end of a freeze would get rewards as if they've staked before the freeze

Lines of code Vulnerability details This one was reported in the first contest, it was mitigated but a code change that was made since then brings it back again. Impact Users who stake while frozen would get a share of the rewards for the period since the last call to payoutRewards. This means th...

Gitlab -- Vulnerability

Gitlab reports: Smuggling code changes via merge requests with refs/replace...

PT-2025-18802 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the lpfc sli4 cgn params read function, where a failed kzalloc call could lead to a NULL pointer...

SUSE CVE-2022-33745

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...

SpigotedLineLib::trade won’t work with tokens with approval race protection (USDT)

Lines of code Vulnerability details Proof of Concept Some tokens e.g. USDT, KNC do not allow approving an amount M 0 when an existing amount N 0 is already approved. This is to protect from an ERC20 attack vector described here. The problem is the code in trade is the following...

GSD-2022-1004566 seg6: bpf: fix skb checksum in bpf_push_seg6_encap()

seg6: bpf: fix skb checksum in bpfpushseg6encap This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.132 by commit...

Stripe: CSRF token validation system is disabled on Stripe Dashboard

@dsharad discovered that due to a code change deployed on 2/14/2022, Cross Site Request Forgery CSRF protection was disabled in the Stripe Dashboard. This could have allowed an attacker to trick a victim user to visit a malicious website and cause limited changes to the victim’s Stripe account su...

ClusterFuzzLite - Simple Continuous Fuzzing That Runs In CI

ClusterFuzzLite is a continuous fuzzing solution that runs as part of Continuous Integration CI workflows to find vulnerabilities faster than ever before. With just a few lines of code, GitHub users can integrate ClusterFuzzLite into their workflow and fuzz pull requests to catch bugs before they...

GHSA-6GJF-7W99-J7X7 Deleted Admin Can Sign In to Admin Interface

Impact Assuming an administrator once had previous access to the admin interface, they may still be able to sign in to the backend using October CMS v2.0. Patches The issue has been patched in v2.1.12 Workarounds - Reset the password of the deleted accounts to prevent them from signing in. - Plea...

CVE-2020-36402

Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change...

CVE-2020-36402

Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change...

Unbreakable Enterprise kernel-container security update

4.14.35-2047.500.9.3.el7 - net/rds: Reject error code change Ka-Cheong Poon Orabug: 32577425 - PCI: hotplug: Add module parameter to allow user control of LEDs James Puthukattukaran Orabug: 32577399 - net/rds: increase 1MB MR pool size for RDS Manjunath Patil Orabug: 32577394...

Zomato: Availing Zomato gold by using a random third-party `wallet_id`

We received a report from @pandaaaa wherein he demonstrated a way to avail Zomato Gold membership using random Zomato User's wallet. The report was triaged and rewarded with critical severity with a CVSS score of 9.3. It was considered critical since a random user's wallet could have been used fo...

Nextcloud: Malicious apps can crash Nextcloud Android client by sending malformed intents

Not sure if this can be tracked as a security issue, but this definitely calls for a code change. This can be classified into Denial of Service category attack and can seriously hamper user experience. Asset: Nexcloud Android Client com.nextcloud.client Version: 3.11.1 latest Details The Nextclou...

Linux Missing Lockdown Exploit

Linux suffers from a missing locking between ELF coredump code and userfaultfd VMA modification. Linux: missing locking between ELF coredump code and userfaultfd VMA modification Related CVE Numbers: CVE-2019-11599. elfcoredump has a comment back from something like 2.5.43-C3 that says: / We no...

Legal Robot: Pages don't render in old browsers like IE11

While working on another report, a security researcher discovered that a change in Legal Robot's code conversion of some code to ES6 arrow functions caused pages not to render in older browsers like IE 11. While there was no security impact, Legal Robot asked the researcher to submit a report to...

Buggy Domain Validation Forces GoDaddy to Revoke Certs

GoDaddy has revoked, and begun the process of re-issuing, new SSL certificates for more than 6,000 customers after a bug was discovered in the registrar’s domain validation process. The bug was introduced July 29 and impacted fewer than two percent of the certificates GoDaddy issued from that dat...