8 matches found
CVE-2025-3646 Petlibro Smart Pet Feeder Platform through 1.7.31 Authorization Bypass via Device Share API
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the device share API to gain unauthorized acce...
A bowl full of security problems: Examining the vulnerabilities of smart pet feeders
Introduction In today's interconnected world, more and more devices are being connected to the internet, including everyday household items like pet feeders, which become "smart" by virtue of this simple fact. However, as these devices become more sophisticated, they also become more vulnerable ...
NFTFloorOracle price feeders can be removed by anyone
Lines of code Vulnerability details Impact The NFT price feeders in the NFTFloorOracle contract should be added or removed only by the admin, but because the removeFeeder function is missing the onlyRole(DEFAULT_ADMIN_ROLE) modifier, any user can remove a feeder; this could impact the whole protocol i...
Unsafe casting from uint256 to uint8 cause wrong index of asset and feeder in NFTFloorOracle
Lines of code Vulnerability details Impact NFTFloorPrice keeps a set of feeders and a set of assets; feeders set prices for assets. Of course, with the growing NFT space, the number of asset collections could be much more than 256, and because Paraspace uses the median price from keepers, so...
Some arbitrary feeders will not be removable, even by admin.
Lines of code Vulnerability details Description NFTFloorOracle receives data from different "feeders". They are added using addFeeders and removed by removeFeeder. Feeders are managed by two data structures: feeders is an array in which each element is the address of a feeder, and feederPositionMap maps...
Anyone can remove feeders from NFTFloorOracle.
Lines of code Vulnerability details Impact There is no onlyRole modifier on removeFeeder, so anyone can remove feeders from NFTFloorOracle, which enables a denial-of-service attack. Proof of Concept function removeFeeder(address feeder) external onlyWhenFeederExisted(feeder) //@audit no modifier...
vulnerability-lookup
Vulnerability-Lookup (logo image at docs/stat...)
XSS vulnerabilities in multiple RSS readers
IE and Opera parse the content of the description tag under an RSS item as follows: the content is first HTML-decoded (an HTML entity is turned back into the character it represents), and the resulting HTML is then executed. Because of this parsing behaviour, some RSS reader tools filter the content insufficiently and are exposed to XSS. Affected: Internet Explorer ver = IE7; Opera ver = 9.52; Sina Diandiantong 1.1.0.8 (latest); Zhou Botong 4.028031409 (latest); Maxthon 2.1.4.443 (latest); RSS sidebar: awaiting a vendor upgrade. Put HTML-encoded JS code in the content of the description tag, for example: ?xml version="1.0"...
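The ordering bug the advisory describes, as an added example that is not code from the advisory or from any of the listed readers: a reader that filters the description text for script tags and only afterwards HTML-decodes it can be bypassed with an extra layer of encoding, because the XML parser removes one layer and the reader's own decode removes the next. The sample feed, the tag-stripping filter and the function names are constructed for this illustration; the safe variant decodes to a fixed point first and then escapes what it is about to hand to the HTML engine.

```python
import html
import re
from xml.etree import ElementTree as ET

# Constructed sample feed (not taken from the advisory). The description carries
# a script tag encoded twice: once as HTML entities, then those entities are
# themselves XML-escaped so the feed stays well-formed.
FEED = """<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"><channel><title>demo</title>
<item><title>post</title>
<description>hello &amp;lt;script&amp;gt;alert(1)&amp;lt;/script&amp;gt; world</description>
</item></channel></rss>"""

# Matches an opening or closing <script ...> tag once it is real markup.
SCRIPT_TAG_RE = re.compile(r"<\s*/?\s*script\b[^>]*>", re.IGNORECASE)


def description_texts(feed_xml):
    """Return the description text of every item after XML entity decoding.

    The XML parser has already removed one encoding layer here, so the text
    still contains &lt;/&gt; entities rather than angle brackets.
    """
    root = ET.fromstring(feed_xml)
    return [item.findtext("description") or "" for item in root.iter("item")]


def strip_script_tags(text):
    """Hypothetical reader filter: drop anything that looks like a script tag."""
    return SCRIPT_TAG_RE.sub("", text)


def render_vulnerable(description):
    """Filter first, decode second: the ordering the advisory's readers get wrong.

    The filter sees only entities and removes nothing; html.unescape then
    produces a live <script> tag that the HTML engine would execute.
    """
    return html.unescape(strip_script_tags(description))


def decode_fully(text, max_rounds=5):
    """HTML-decode until the text stops changing, so no encoding layer is left."""
    for _ in range(max_rounds):
        decoded = html.unescape(text)
        if decoded == text:
            return text
        text = decoded
    return text


def render_safe(description):
    """Decode to a fixed point, then escape: the description is data, not markup."""
    return html.escape(decode_fully(description), quote=True)


def contains_live_script(markup):
    """True when the rendered string holds an actual script tag."""
    return SCRIPT_TAG_RE.search(markup) is not None


if __name__ == "__main__":
    for text in description_texts(FEED):
        print("after XML decode :", text)
        print("vulnerable render:", render_vulnerable(text),
              "-> script?", contains_live_script(render_vulnerable(text)))
        print("safe render      :", render_safe(text),
              "-> script?", contains_live_script(render_safe(text)))
```

The check to carry into a real reader is the one in render_safe: normalise (decode to a fixed point) before filtering or escaping, never after, and treat the description as text unless it has been passed through a proper HTML sanitiser.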