29 matches found
Regular Expression Denial of Service (ReDoS) in AdamWeightDecay Optimizer
The AdamWeightDecay optimizer is vulnerable to Regular Expression Denial of Service ReDoS. If an attacker can control the patterns in the includeinweightdecay or excludefromweightdecay lists, they can provide a malicious regular expression that causes catastrophic backtracking. When the optimizer...
PT-2025-39174
Name of the Vulnerable Software and Affected Versions huggingface/transformers versions prior to 4.53.0 Description The software is susceptible to a Regular Expression Denial of Service ReDoS within the AdamWeightDecay optimizer. The issue stems from the do use weight decay method, which handles...
Auctions run at significantly different speeds for different prize tiers
Lines of code Vulnerability details Comments The V5 implementation delegates the task of claiming prizes to a network of claimers. The fees received by a claimer are calculated based on a dutch auction and limited based on the prize size of the highest tier the smallest prize. As a result, it is...
Users can abuse VotingEscrow.delegate() to avoid voting power decay. Additionally, users can delegate expired locks to regain full voting power.
Lines of code Vulnerability details Impact Voting power will not decay over the course of the lock. Proof of Concept The VotingEscrow.delegate function allows users to delegate to locks with a longer expiry time. See the below code snippet and inline comments: requiretoLocked.end = fromLocked.end...
Trojan-Dropper.Win32.Decay.dxv (CyberGate 1.00.0) MVID-2022-0664 Insecure Proprietary Password Encryption
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/618f28253d1268132a9f10819a6947f2.txt Contact: [email protected] Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Trojan-Dropper.Win32.Decay.dxv CyberGate v1.00.0...
SpeedBumpPriceGate.sol has high likelyhood of overcharging buyer during decay phase
Lines of code Vulnerability details Impact Contract overcharges user Proof of Concept L79 passes through the entire ether balance sent. Since price decays each block it is likely that the transaction won't be processed during the same block that it was submitted. In situations like this the price...
Malicious users can frontrun borrowers trying to repay loans, causing DoS and possibly a loan default
Lines of code Vulnerability details Impact Attackers can listen for a borrower to call repayAndCloseLoan on a specific loanId, and frontrun their transaction with a call to lend, creating a new loan with an increased amount, causing the borrower's transaction to fail due to the new loanAmount bei...
urbandecay.com XSS vulnerability
Vulnerable URL: http://www.urbandecay.com/heavy-metal/390.html?dwfrmnewslettersource=%22%3E%3Csvg/onload=alert%27OPENBUGBOUNTY%27%3E// Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank...
Unfixed XSS vulnerability at www.decayofcamelot.com
Security researcher PaPPy, has submitted on 08/07/2008 a cross-site-scripting XSS vulnerability affecting www.decayofcamelot.com, which at the time of submission ranked 695303 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/07/2008. It is...