EUVD-2024-53128

Malicious code in bioql PyPI...

CVE-2024-56359

grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier meaning for example Ctrl+click could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context...

CVE-2024-56359 Cross-site Scripting vulnerability through HyperLink cells in grist-core

grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier meaning for example Ctrl+click could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context...

FSDVesting.updateVestedTokens doesn't have any control modifiers and anyone can increase vested amount for a beneficiary

Handle hyh Vulnerability details Impact In current implementation all vesting beneficiaries can increase their vested amounts unlimitedly by calling updateVestedTokensmyfsdvestingaddress, anyamounttobeaddedtovesting. Beneficiary can then surpass vesting schedule by calling claimVestedTokens It wi...