168 matches found
CVE-2026-4931
Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost...
EUVD-2026-19742
Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost...
CVE-2026-4931
Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost...
CVE-2026-4931 CVE-2026-4931
Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost...
CVE-2026-4931 CVE-2026-4931
Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost...
CVE-2026-4931
Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost...
CVE-2026-4931
CVE-2026-4931 affects Smart contract Marginal v1, where an unsafe downcast in the contract enables attackers to settle a large debt position for a negligible asset cost. The publicly reported descriptions (NVD, Red Hat, ENISA EUVD, CNNVD, CVE lists) consistently state the same vulnerability and i...
PT-2026-30899
Name of the Vulnerable Software and Affected Versions Smart contract Marginal v1 affected versions not specified Description The Smart contract Marginal v1 contains an unsafe downcast issue. This allows attackers to settle a large debt position for a negligible asset cost. Recommendations At the...
Marginal 安全漏洞
Marginal is an asset trading platform developed by Marginal OpenSource. There is a security vulnerability in Marginal, which stems from the execution of insecure downcasting operations. This vulnerability could allow attackers to settle large debt positions at a negligible cost for assets...
Scaling security operations with Microsoft Defender autonomous defense and expert-led services
Today’s security leaders are operating in an environment of truncated cyberattack timelines with aging defenses built for slower, linear cyberthreats that can no longer keep pace with advanced cyberthreats. AI-powered threat actors now use social engineering and malware that adapt in real time,...
MVP Development in the Age of AI: How Startups Can Build Smarter, Faster and Leaner
How AI is reshaping MVP development, helping startups build faster, validate smarter, avoid overbuilding, manage tech debt, and embed security early...
Reading between the Code Lines: On the Use of Self-Admitted Technical Debt for Security Analysis
Static Analysis Tools SATs are central to security engineering activities, as they enable early identification of code weaknesses without requiring execution. However, their effectiveness is often limited by high false-positive rates and incomplete coverage of vulnerability classes. At the same...
CVE-2025-23861
Cross-Site Request Forgery CSRF vulnerability in Zack Katz Debt Calculator debt-calculator allows Cross Site Request Forgery.This issue affects Debt Calculator: from n/a through = 1.0.1...
Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc
BeyondTrust's annual cybersecurity predictions point to a year where old defenses will fail quietly, and new attack vectors will surge. Introduction The next major breach won't be a phished password. It will be the result of a massive, unmanaged identity debt. This debt takes many forms: it's the...
EUVD-2025-3482
Malicious code in bioql PyPI...
Outdated Tech, Rising Risk: How Federal Agencies Can Eliminate Tech Debt and Reduce Cyber Risk
Amid shrinking budgets and workforce pressures, your agency, like many across the federal government, is likely grappling with the growing challenge of technical debt tech debt. Tech debt, the accumulation of outdated or under-maintained technology, can slow progress and put your agency’s mission...
Security Debt in Practice: Nuanced Insights from Practitioners
With the increasing reliance on software and automation nowadays, tight deadlines, limited resources, and prioritization of functionality over security can lead to insecure coding practices. When not handled properly, these constraints cause unaddressed security vulnerabilities to accumulate over...
The vulnerability of the iocg_pay_debt() function in the block/blk-iocost.c module, which supports the block-level kernel in the Linux operating system. This vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the iocgpaydebt function in the block/blk-iocost.c module, which supports the block-level kernel in the Linux operating system, is related to incorrect validation of input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity...
Webinar: Learn How to Identify High-Risk Identity Gaps and Slash Security Debt in 2025
In today's rapidly evolving digital landscape, weak identity security isn't just a flaw—it's a major risk that can expose your business to breaches and costly downtime. Many organizations are overwhelmed by an excess of user identities and aging systems, making them vulnerable to attacks. Without...
CVE-2025-23861
Cross-Site Request Forgery CSRF vulnerability in Zack Katz Debt Calculator debt-calculator allows Cross Site Request Forgery.This issue affects Debt Calculator: from n/a through = 1.0.1...