1433 matches found
Same reward token in pools can break accounting
Lines of code Vulnerability details The ConvexStakingWrapper contract uses several reward pool tokens rewardspidindex.token and it can be that the same token is used for different pids. Indeed, the CVX/CRV tokens are always at index 0 and 1. The rewards will be distributed to the first pool id pi...
CVE-2022-24676
updatecode in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive...
Mozilla Firefox Code Issue Vulnerability
A code issue vulnerability exists in Mozilla Firefox, an open source Web browser from the Mozilla Foundation, which stems from the product's failure to restrict the lifecycle of script execution. An attacker could use this vulnerability to cause scripts to execute in an invalid object state...
Intel AMT, Intel PROSet/Wireless WiFi and Intel Killer WiFi Code Issue Vulnerability
Intel AMT and others are products of Intel Corporation Intel, U.S.A. Intel AMT is an Active Management Technology module. Intel PROSet/Wireless WiFi is a wireless network card driver. Intel Killer WiFi is a wireless network card driver. A code issue vulnerability exists in Intel AMT, Intel...
SAP Adaptive Server Enterprise Code Issue Vulnerability
SAP Adaptive Server Enterprise (ASE) is a relational database server from SAP, Germany. A code issue vulnerability exists in SAP Adaptive Server Enterprise, which can be exploited by attackers to compromise vulnerable systems, including Business Objects, SAP CRM Web Channel, SAP CRM, SAP ERP,...
Joplin Code Issue Vulnerability
Joplin is an open source notes and to-do list application. A code issue vulnerability exists in Joplin, which arises from a product that allows execution of system commands via malicious code in user search results. The following products and versions are affected: Joplin version 2.6.10...
FISCO BCOS Code Issue Vulnerability
FISCO BCOS is a blockchain underlying platform. A code issue vulnerability exists in FISCO BCOS that stems from certain transactions in the product's operation failing to commit successfully. An attacker could use this vulnerability to cause a denial of service to the target. The following produc...
No guarantee sale organizer will fulfil their end of the deal
Lines of code Vulnerability details Impact Sale participants will only be able to claim their CTDL tokens once the sale is finalized. However, there is no guarantee that it ever will be, because: Sale finalisation can only be performed by the owner The owner is able to change the sale parameters...
Jspxcms Code Issue Vulnerability
UJCMS Jspxcms is a scalable enterprise-class open source web content management system (CMS) from China's BlueIntelligence Technology Corporation. A code issue vulnerability exists in Jspxcms, which stems from a vulnerability in $freemarker.template.utility.Execute?new in UJCMS Jspxcms v10.2.0 that...
MariaDB Code Issue Vulnerability
MariaDB is a free and open source database management system from the MariaDB Foundation and a version of the MySQL branch that uses the Maria storage engine. A code issue vulnerability exists in MariaDB, which stems from the fact that the product allows certain SELECT statements to cause...
MariaDB Code Issue Vulnerability
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. MariaDB suffers from a code issue vulnerability that stems from improper handling of the product HAVING clause to WHERE clause push down. A...
Mageia: Security Advisory (MGASA-2020-0041)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-46083
uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code...
Remote Code Execution (RCE)
October CMS is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of PHP code in the template markup, allowing an attacker with "create, modify and delete website pages" privileges to inject maliciously crafted PHP code...
Crater Code Issue Vulnerability
Crater Invoice Crater is an open source web and mobile application from Crater Invoice, Inc. for tracking expenses, payments and creating professional invoices and estimates. A code issue vulnerability exists in Crater that stems from crater-invoice/crater uploading unlimited files of a dangerous...
Stanford CoreNlp Code Issue Vulnerability
Stanford CoreNlp is a suite of open source, natural language analysis tools written in Java by the Stanford Nlp Group team in the United States. Stanford corenlp has a code issue vulnerability that arises from improper design or implementation during code development of a networked system or...
Exploit for SQL Injection in Artica Pandora_Fms
CVE-2021-32099 CVE-2021-32099 POC : http://localhost:8000/pan...
Palo Alto Networks Cortex XDR Code Issue Vulnerability
Palo Alto Networks Cortex XDR is a security operations platform for remote endpoint-based detection from Palo Alto Networks Malaysia. A code issue vulnerability exists in the Palo Alto Networks Cortex XDR agent that can be exploited by an attacker to execute a live endpoint session used by a loca...
Crater Invoice Crater Code Issue Vulnerability
Crater Invoice Crater is an open source web and mobile application from Crater Invoice, Inc. for tracking expenses, payments and creating professional invoices and estimates. Crater Invoice crater suffers from a code issue vulnerability that stems from the unrestricted upload of dangerous types o...
Sourcecodester Vehicle Service Management System Code Issue Vulnerability
Sourcecodester Vehicle Service Management System is an open source PHP project. A simple web application for automotive repair/service stores or businesses. Sourcecodester Vehicle Service Management System has a security vulnerability that arises from improper design or implementation of the code...