Lucene search
+L

29 matches found

Huntr
Huntr
added 2025/06/18 1:55 p.m.10 views

Regular Expression Denial of Service (ReDoS) in AdamWeightDecay Optimizer

The AdamWeightDecay optimizer is vulnerable to Regular Expression Denial of Service ReDoS. If an attacker can control the patterns in the includeinweightdecay or excludefromweightdecay lists, they can provide a malicious regular expression that causes catastrophic backtracking. When the optimizer...

7.5CVSS6.3AI score0.00467EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/06/18 12:0 a.m.10 views

PT-2025-39174

Name of the Vulnerable Software and Affected Versions huggingface/transformers versions prior to 4.53.0 Description The software is susceptible to a Regular Expression Denial of Service ReDoS within the AdamWeightDecay optimizer. The issue stems from the do use weight decay method, which handles...

7.5CVSS6.1AI score0.00467EPSS
Exploits1References15
Code423n4
Code423n4
added 2023/08/21 12:0 a.m.10 views

Auctions run at significantly different speeds for different prize tiers

Lines of code Vulnerability details Comments The V5 implementation delegates the task of claiming prizes to a network of claimers. The fees received by a claimer are calculated based on a dutch auction and limited based on the prize size of the highest tier the smallest prize. As a result, it is...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.7 views

Users can abuse VotingEscrow.delegate() to avoid voting power decay. Additionally, users can delegate expired locks to regain full voting power.

Lines of code Vulnerability details Impact Voting power will not decay over the course of the lock. Proof of Concept The VotingEscrow.delegate function allows users to delegate to locks with a longer expiry time. See the below code snippet and inline comments: requiretoLocked.end = fromLocked.end...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2022/12/12 12:0 a.m.256 views

Trojan-Dropper.Win32.Decay.dxv (CyberGate 1.00.0) MVID-2022-0664 Insecure Proprietary Password Encryption

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/618f28253d1268132a9f10819a6947f2.txt Contact: [email protected] Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Trojan-Dropper.Win32.Decay.dxv CyberGate v1.00.0...

0.5AI score
Exploits0
Code423n4
Code423n4
added 2022/05/08 12:0 a.m.16 views

SpeedBumpPriceGate.sol has high likelyhood of overcharging buyer during decay phase

Lines of code Vulnerability details Impact Contract overcharges user Proof of Concept L79 passes through the entire ether balance sent. Since price decays each block it is likely that the transaction won't be processed during the same block that it was submitted. In situations like this the price...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/07 12:0 a.m.14 views

Malicious users can frontrun borrowers trying to repay loans, causing DoS and possibly a loan default

Lines of code Vulnerability details Impact Attackers can listen for a borrower to call repayAndCloseLoan on a specific loanId, and frontrun their transaction with a call to lend, creating a new loan with an increased amount, causing the borrower's transaction to fail due to the new loanAmount bei...

6.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2016/12/11 5:39 p.m.6 views

urbandecay.com XSS vulnerability

Vulnerable URL: http://www.urbandecay.com/heavy-metal/390.html?dwfrmnewslettersource=%22%3E%3Csvg/onload=alert%27OPENBUGBOUNTY%27%3E// Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank...

6.3AI score
Exploits0
xssed
xssed
added 2008/08/07 12:0 a.m.13 views

Unfixed XSS vulnerability at www.decayofcamelot.com

Security researcher PaPPy, has submitted on 08/07/2008 a cross-site-scripting XSS vulnerability affecting www.decayofcamelot.com, which at the time of submission ranked 695303 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/07/2008. It is...

Exploits0References1
Rows per page
Query Builder