Lucene search

8 matches found

RedhatCVE
added 2026/03/28 4:56 a.m. | 4 views

CVE-2026-33935

MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...

8.7 CVSS | 5.9 AI score | 0.00543 EPSS
Exploits: 1 | References: 1

Code423n4
added 2023/12/21 12:0 a.m. | 11 views

Business Logic Vulnerability in dropTopVotedPiece Function

Lines of code Vulnerability details Potential Risk: The dropTopVotedPiece function in the CultureIndex contract allows the dropperAdmin to drop the top-voted piece. While the function checks if the caller is the dropperAdmin, there is a potential business logic vulnerability. The function only...

7.3 AI score
Exploits: 0

Code423n4
added 2023/08/10 12:0 a.m. | 11 views

Delegated Votes Blocking Delegator Undelegation

Lines of code Vulnerability details Impact Once a delegator has delegated their votes to a delegatee, and the delegatee employs those votes in an ongoing proposal, the delegator loses the ability to undelegate their votes. VotingEscrow::delegate is used to delegate user A's votes to User B. Once...

6.8 AI score
Exploits: 0

Code423n4
added 2023/06/09 12:0 a.m. | 10 views

Bug on e handling of excess ETH deposits

Lines of code Vulnerability details The StaderStakePoolsManager contract contains a critical bug that could lead to financial loss and system instability. The bug is related to the handling of excess ETH deposits and the calculation of available ETH for new deposits. Bug Description: In the...

6.8 AI score
Exploits: 0

Code423n4
added 2023/04/19 12:0 a.m. | 10 views

POSITION LIMIT COULD BE FULLY REDUCED TO ZERO BY CLONES

Lines of code Vulnerability details Impact A newly opened position could have its limit fully reduced to zero as soon as the cooldown period has elapsed. Proof of Concept As seen in the function below, a newly opened position with 0 Frankencoin minted could have its limit turn 0 if the function...

6.7 AI score
Exploits: 0

Code423n4
added 2023/03/09 12:0 a.m. | 6 views

Malicious user can frontrun the selling or transferring of a ticket to claim the rewards

Lines of code Vulnerability details A bad actor can trick a user into buying an unclaimed ticket and frontrun the selling or transfer of the NFT to claim the rewards associated with the ticket before the original transaction. Impact Given the described scenario, a bad actor can frontrun the...

6.8 AI score
Exploits: 0

Code423n4
added 2022/04/02 12:0 a.m. | 16 views

Malicious user can indefinitely freeze the funds of another user

Lines of code Vulnerability details Impact By design, a user's cooldown period is extended if they receive a transfer of hPal. The cooldown is extended based on the weight of the receiver's original balance and cooldown period compared to the sent amount and sender's cooldown period. Due to this...

6.7 AI score
Exploits: 0

Code423n4
added 2022/01/29 12:0 a.m. | 11 views

Cooldown and redeem windows can be rendered useless.

Handle ShippooorDAO Vulnerability details Impact Cooldown and redeem windows can be rendered useless. Proof of Concept Given an account that has not staked sNOTE. Account calls sNOTE.startCooldown Account waits for the duration of the cooldown period. Redeem period starts. Account can then deposi...

6.9 AI score
Exploits: 0