Lucene search
+L

5518 matches found

Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-49778

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer NDCS and is vulnerable to remote code execution during deserialization...

9.2CVSS8AI score0.00575EPSS
Exploits0References3
OSV
OSV
added 2025/12/08 10:15 p.m.5 views

GHSA-WQ34-7F4G-953V Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)

Impact Versions of CSLA .NET prior to version 6 allow the use of WcfProxy. WcfProxy uses the NetDataContractSerializer NDCS which has known vulnerabilities that can allow remote execution of code during deserialization. NDCS itself is considered obsolete, and you should avoid using WcfProxy or...

9.2CVSS7.3AI score0.00575EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 5:2 p.m.10 views

Malicious code in @ensdomains/ens-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dee805b6610ec644c5edb2b73ca1d1da2119bb3280f182e716cfdd0aa31720fb The package @ensdomains/ens-contracts was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
NVD
NVD
added 2025/11/21 8:15 a.m.21 views

CVE-2025-11773

The Cryptocurrency Token, Launchpad Presale, ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveDeployedContract' function in all versions up to, and including, 2.4.7. This makes it possible for...

4.3CVSS0.00201EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/21 7:31 a.m.3 views

CVE-2025-11773 Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO <= 2.4.7 - Missing Authorization to Authenticated (Subscriber+) Contract Address Update

The Cryptocurrency Token, Launchpad Presale, ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveDeployedContract' function in all versions up to, and including, 2.4.7. This makes it possible for...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References3
CVE
CVE
added 2025/11/21 7:31 a.m.15 views

CVE-2025-11773

MODE C: The WordPress plugin TokenICO (Cryptocurrency, Token Launchpad) has a vulnerability in saveDeployedContract across versions ≤ 2.4.6 that allows authenticated users with Subscriber+ privileges to modify the WordPress option tokenico_deployed_contracts, poisoning displayed smart contract ad...

4.3CVSS5.9AI score0.00201EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/21 7:31 a.m.5 views

EUVD-2025-198396

The Cryptocurrency Token, Launchpad Presale, ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveDeployedContract' function in all versions up to, and including, 2.4.6. This makes it possible for...

4.3CVSS4.7AI score0.00201EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/20 10:18 p.m.10 views

WordPress Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin <= 2.4.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Cryptocurrency Token, Launchpad Presale, ICO & IDO, Airdrop by TokenICO versions = 2.4.7...

4.3CVSS5.4AI score0.00201EPSS
Exploits0References1Affected Software1
HackRead
HackRead
added 2025/11/19 8:20 a.m.5 views

CredShields Joins Forces with Checkmarx to Bring Smart Contract Security to Enterprise AppSec Programs

Singapore, Singapore, 19th November 2025, CyberNewsWire...

7AI score
Exploits0
Hacker One
Hacker One
added 2025/11/14 9:4 a.m.17 views

Cosmos: Economic DoS (Griefing) on IBC Relayers via `memo` Callback Gas Exploitation

Summary of Impact This vulnerability allows an attacker to bypass the relayer's simulation defense and force permissionless relayers to execute computationally expensive, but 'successful', transactions via the memo callback feature. This creates an asymmetric economic attack where the relayer's...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/12 12:0 a.m.23 views

One Signature, Multiple Payments: Demystifying and Detecting Signature Replay Vulnerabilities in Smart Contracts

Smart contracts have significantly advanced blockchain technology, and digital signatures are crucial for reliable verification of contract authority. Through signature verification, smart contracts can ensure that signers possess the required permissions, thus enhancing security and scalability...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/04 12:0 a.m.19 views

1 PoCo: Agentic Proof-Of-Concept Exploit Generation for Smart Contracts

Smart contracts operate in a highly adversarial environment, where vulnerabilities can lead to substantial financial losses. Thus, smart contracts are subject to security audits. In auditing, proof-of-concept PoC exploits play a critical role by demonstrating to the stakeholders that the reported...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/01 12:0 a.m.7 views

Penetrating the Hostile: Detecting DeFi Protocol Exploits through Cross-Contract Analysis

Decentralized finance DeFi protocols are crypto projects developed on the blockchain to manage digital assets. Attacks on DeFi have been frequent and have resulted in losses exceeding $80 billion. Current tools detect and locate possible vulnerabilities in contracts by analyzing the state changes...

7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2025/10/24 11:22 p.m.5 views

SUSE CVE-2025-61595

MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract,...

8.8CVSS6.8AI score0.00312EPSS
Exploits0References2
Wired Threat Level
Wired Threat Level
added 2025/10/22 8:31 p.m.5 views

No, ICE (Probably) Didn’t Buy Guided Missile Warheads

A federal contracting database lists an ICE payment for $61,218 with the payment code for “guided missile warheads and explosive components.” But it appears ICE simply entered the wrong code...

7.2AI score
Exploits0
NVD
NVD
added 2025/10/22 6:15 p.m.11 views

CVE-2025-24934

Software which sets SOREUSEPORTLB on a socket and then connects it to a host will not directly observe any problems. However, due to its membership in a load-balancing group, that socket will receive packets originating from any host. This breaks the contract of the connect2 and implied connect v...

5.4CVSS0.00197EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2025/10/22 12:0 a.m.7 views

FreeBSD -- SO_REUSEPORT_LB breaks connect(2) for UDP sockets

Problem Description: Connected sockets are not intended to belong to load-balancing groups. However, the kernel failed to check the connection state of sockets when adding them to load-balancing groups. Furthermore, when looking up the destination socket for an incoming packet, the kernel will...

5.4CVSS6.8AI score0.00197EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/10/20 6:23 p.m.7 views

CVE-2025-56320

Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting XSS in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."...

5.4CVSS6.2AI score0.00324EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/17 9:31 p.m.5 views

EUVD-2025-34913

Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting XSS in its chat box component. This allows a remote attacker to execute arbitrary code...

5.8AI score0.00324EPSS
Exploits0References4
NVD
NVD
added 2025/10/17 7:15 p.m.9 views

CVE-2025-56320

CobbleStone Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting XSS in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in...

5.4CVSS0.00324EPSS
Exploits0References2
Rows per page
Query Builder