CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 2026/02/19 12:0 a.m.•2 views

TFL: Targeted Bit-Flip Attack on Large Language Model

Large language models LLMs are increasingly deployed in safety and security critical applications, raising concerns about their robustness to model parameter fault injection attacks. Recent studies have shown that bit-flip attacks BFAs, which exploit computer main memory i.e., DRAM vulnerabilitie...

5.9AI score

Cvelist•added 2026/01/26 9:28 p.m.•16 views

CVE-2026-22696 dcap-qvl has Missing Verification for QE Identity

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

9.3CVSS0.0001EPSS

Exploits0References1

EUVD•added 2026/01/05 5:29 p.m.•1 views

EUVD-2026-0931

Malicious code in celium-collateral-upgrade PyPI...

6.6AI score

Exploits0References4

OSSF Malicious Packages•added 2026/01/05 5:29 p.m.•6 views

Malicious code in celium-collateral-upgrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 adea9a91926d593420b0d9d07dd66bc5656bb42bf3735074a3f33533800a79dc This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...

7.5AI score

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2017-12604

Malware in sbrugna...

4.9CVSS5.2AI score0.00149EPSS

Exploits0References4

Imperva Blog•added 2025/09/08 7:13 p.m.•5 views

When You’re Always Under #DDoS Attack

We recently mitigated a 1.55 terabit per second Tbps, DDoS attack for a steady customer of ours. This particular customer is a reputable domain name service DNS provider. I’ve personally used them for over a decade to register domains for all the projects I will never complete or, tbh, start. But...

Packet Storm News•added 2025/07/09 12:0 a.m.•2 views

Wrapless: the Trustless Lending Protocol on Top of Bitcoin

This paper presents Wrapless -- a lending protocol that enables the collateralization of bitcoins without requiring a trusted wrapping mechanism. The protocol facilitates a "loan channel" on the Bitcoin blockchain, allowing bitcoins to be locked as collateral for loans issued on any blockchain th...

6.8AI score

Code423n4•added 2023/12/21 12:0 a.m.•10 views

Position owners can steal others position's Wlp collaterals

Lines of code Vulnerability details Impact Position's owner can steal other users Wlp collateral, as long as it doesn't completely withdraw all the balance of tokenId LP. Proof of Concept When users call decollateralizeWLp function from InitCore, as long as Wlp is whitelisted and the mode's...

Code423n4•added 2023/12/21 12:0 a.m.•14 views

Liquidator can get higher rate for liquidation

Lines of code Vulnerability details Proof of Concept When position is unhealthy then it can be liquidated. In order to incentivize someone to liquidate positions they receive some extra amount of collateral. This incentive percentage is calculated inside...

Code423n4•added 2023/12/21 12:0 a.m.•11 views

A wLP collateral that is no longer whitelisted but was at some point won't let users decollateralize or be liquidated

Lines of code Vulnerability details Impact Users who collateralized using wLP won't ever be liquidated unless the wLP is whitelisted back, but this could be dangerous depending on the reason it was removed from the whitelist. They can't also decollateralize. The severity of this issue depends...

7.2AI score

Code423n4•added 2023/12/21 12:0 a.m.•11 views

setPosMode function doesn't check if wLp is whitelisted

Lines of code Vulnerability details Proof of Concept Using setPosMode function owner of position can change it's mode. When the function is called, then there are a lot of checks, like if current mode allows to decollateralize and if new mode allows to collateralize. Also it's checked, that all...

Code423n4•added 2023/12/20 12:0 a.m.•9 views

InitCore.liquidate will revert in case if poolOut is paused for collateral

Lines of code Vulnerability details Proof of Concept InitCore.liquidate function tries to check, that provided poolOut variable is valid pool of protocol. It does it using vars.config.isAllowedForCollateral check. As you can see, in case if poolOut will be paused as collateral for the mode, then...

Code423n4•added 2023/12/20 12:0 a.m.•10 views

TRST-M-1 finding from previous audit still exists

Lines of code Vulnerability details Proof of Concept Issue TRST-M-1 from previous audit still exist. In order to calculate collateral amount getCollateralCreditCurrente36 function is used. uint tokenValuee36 = ILendingPoolpoolsi.toAmtCurrentsharesi tokenPricee36; tokenValuee36 is usd value of...

Code423n4•added 2023/12/19 12:0 a.m.•8 views

In case if wLP will be blacklisted then user will not be able to withdraw it

Lines of code Vulnerability details Proof of Concept When users deposit wLP tokens as collateral, then they are checked to be whitelisted. Later, it's possible that for some reason wLP token will be backlisted by governor. And once it's done, then users, who already used that wLP tokens as...

Code423n4•added 2023/12/18 12:0 a.m.•9 views

Should count pending harvest reward and already harvested reward as collateral credit if the collateral is WLP

Lines of code Vulnerability details Impact Should count pending harvest reward and already harvested reward as collateral credit if the collateral is WLP Proof of Concept User can use WLP as collateral, even use WLP purely as collateral to borrow fund from lending pool the collateral worth of WLP...

7.2AI score

Code423n4•added 2023/12/18 12:0 a.m.•24 views

Providing LP outside of active range is prone to DoS

Lines of code Vulnerability details Impact When LP provide uniswap V3 position using ParticlePositionManager that have range outside of active price, it can be DoSed by opening position of all the provided liquidity. Proof of Concept When LPs provide a Uniswap V3 position that is currently outsid...

Code423n4•added 2023/11/06 12:0 a.m.•5 views

Users can't repay their debts if the OmniPool contract is paused which can cause users to fall into liquidation and lose their collateral

Lines of code Vulnerability details Impact Users can't repay their debts if the OmniPool contract is paused which can cause users to fall into liquidation and lose their collateral Proof of Concept The OmniPool::repay function has implemented the whenNotPaused modifier, which will prevent the...

Code423n4•added 2023/11/05 12:0 a.m.•3 views

After the market configuration expires or when borrow value greater than deposit value, there is no cap for liquidation seize amount

Lines of code Vulnerability details = Impact After the market configuration expires, there is no cap for liquidation seize amount Proof of Concept After the market configuration expires or when borrow value greater than deposit value, there is no cap for liquidation seize amount when liquidation ...

7.1AI score

Code423n4•added 2023/11/02 12:0 a.m.•15 views

MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused

Lines of code Vulnerability details Impact MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused Proof of Concept this report tries to combine a few issue 1. when OmniPool is paused, interest is still accuring 2. when OmniPool is paused, user cannot repay 3...