PT-2026-38290

Name of the Vulnerable Software and Affected Versions dssrf versions prior to 1.3.0 Description A flaw in the library allows attackers to bypass Server-Side Request Forgery SSRF protections by using various IPv6 address categories. This occurs because the is url safe function fails to properly...

Adding balance to accumulator does not depend on the current drawId, while documentation says it does

Lines of code Vulnerability details Impact In documentation protocol states that : To compute the allocated contribution for a draw d we'd compute the integral of curve cd=−t∗lnα∗α^d from lastdraw dold to dnew, and which is equal to −t∗ α^dold + t∗ α^dnew. Which clearly shows that contribution on...

Microsoft ACL Shortcomings

Hi @ll, the following is a substantially shortened version of and Windows NT supports access control for almost all its objects, "How Security Descriptors and Access Control Lists Work" and "How Permissions Work" provide a comprehensive and exhaustive explanation. "Access Control Lists" provides ...