1434 matches found
Users will never receive their borrow amount after tx the collateral
Lines of code Vulnerability details Impact You are not able to receive any borrowed amount after adding addCollateral Proof of Concept By invoking addCollateral you will transfer an amount of collateralAmount to the Pair But you will receive any borrowed amount Recommended Mitigation Steps Invoke...
SWFMill Code Issue Vulnerability
SWFMill is a tool for working with Adobe Flash SWF files by Daniel Cassidy, a personal developer in the UK. A code issue vulnerability exists in SWFMill commit number: 53d7690 that stems from a memory segment exception in its SWF::Reader::getWord function...
[M1] Incorrect amount of gas sent in _distributeFunds
Lines of code Vulnerability details Impact In case recipients consume more gas than expected the transaction could revert or cost can be too high. Proof of Concept According to the definition of the variable SENDVALUEGASLIMITMULTIPLERECIPIENTS you intend to use all that gas for all recipients. /...
ERROR IN UPDATING **_checkpoint** IN THE **increaseUnlockTime** FUNCTION
Lines of code Vulnerability details Impact The potential impacts of this error are: Give wrong voting power to a user at a given block. Give wrong total voting power at a given block. Give wrong total voting power. Proof of Concept The error occurred in this line: In the increaseUnlockTime functi...
undici Code Issue Vulnerability
undici is an HTTP/1.1 client. A code issue vulnerability exists in undici. An attacker could exploit this vulnerability to perform a server-side request forgery attack...
Gas Agency Management System Code Issue Vulnerability
Gas Agency Management System is a gas agency management software by Mayuri K. Personal Developer. It is used to manage the day-to-day operations of a gas agency. A code issue vulnerability exists in Gas Agency Management System. An attacker can exploit this vulnerability to manipulate shell...
Project.raiseDispute() might work with the already completed task.
Lines of code Vulnerability details Impact Project.raiseDispute might work with the already completed task. Already completed tasks can't be changed in any cases and it might bring some unexpected outcome when the dispute is approved by fault. Proof of Concept It's impossible to change anything...
Mealie Code Issue Vulnerability
Mealie is a self-hosted recipe manager and meal planner by an individual developer in Hayden, USA. A code issue vulnerability exists in Mealie version 1.0.0beta3. An attacker could exploit the vulnerability to execute arbitrary code via specially crafted files...
NLnet Labs Unbound Code Issue Vulnerability
NLnet Labs Unbound is an open source DNS server from NLnet Labs. A code issue vulnerability exists in NLnet Labs Unbound version 1.16.1 and prior versions, which stems from a vulnerability that allows a malicious user to continue triggering the resolvability of malicious domain names...
CVAT Code Issue Vulnerability
CVAT is an interactive video and image annotation tool for computer vision. A code issue vulnerability exists in versions of CVAT prior to 2.0.0, which stems from a url used in a code path without added validation...
WordPress Plugin Enable SVG, WebP & ICO Upload Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Enable SVG, WebP & ICO...
Mitsubishi Electric MC Works64 Code Issue Vulnerability
Mitsubishi Electric MC Works64 is a data acquisition and monitoring system SCADA from Mitsubishi Electric Japan. A code issue vulnerability exists in Mitsubishi Electric MC Works64 that stems from incorrect input validation of data packets...
Buyout Module: redeeming before the update of totalSupply will make buyout's current state success
Lines of code Vulnerability details Impact MED - a hypothetical attack path with stated assumptions, but external requirements. Attacker can create a vault with successful buyout status and non zero supply. The attacker can sell the fractions and then simply withdraw the assets. Proof of Concept...
Price Feed is not checked for freshness and may report old / incorrect value
Lines of code Vulnerability details Price Feed is not checked for freshness In times of network congestion, the priceFeed may take longer than expected to update, and the price may take longer than usual to update, in order to ensure the latest price is fresh within update window, you should veri...
Net-SNMP Code Issue Vulnerability
Net-SNMP is an open source Simple Network Management Protocol SNMP software. The software is used to monitor network devices, computer devices, UPS devices, and more. A code issue vulnerability exists in Net-SNMP that stems from a misformatted OID in GET-NEXT of nsVacmAccessTable that could resul...
Minting to user after funds deposit is now omitted in Lender's Swivel lend
Lines of code Vulnerability details Lender's Swivel version of lend pulls the underlying funds from the user, opens the necessary positions, but now fails to mint Illuminate PT for the user, so there will be no records for her investment and the corresponding funds aren't recoverable. Setting...
Secheron SEPCOS Control and Protection Relay Code Issue Vulnerability
Secheron SEPCOS Control and Protection Relay is a relay from Secheron. Control and protect your DC panels and contact lines from short circuits and other electrical faults, and benefit from enhanced communication capabilities. A code issue vulnerability exists in the Secheron SEPCOS Control and...
OBDA systems Mastro Code Issue Vulnerability
OBDA systems Mastro is a Java tool for ontology-based data access OBDA from OBDA systems, Italy. A code issue vulnerability exists in OBDA systems Mastro version 1.0. An attacker could use this vulnerability to read system files via a custom DTD...
Issues beyond expected behavior.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. function unstakeuint256 amount external override nonReentrant whenNotPaused requireamount != 0, 'stake amount cant be 0'; uint256 noVesting = userstakedAmountsmsg.senderDuration.NONE.amount; uint256...
The withdrawal safety check in _withdrawSome() seems unreasonable
Lines of code Vulnerability details Impact The withdrawal safety check in seems unreasonable. Proof of Concept I don’t understand why max = amount99.8% need to be confirmed. max should be larger than amount. And amount function withdrawSomeuint256 amount internal override returns uint256 uint256...