470 matches found

CVE
added 2023/03/21 12:0 a.m., 48 views

CVE-2023-27980

CVE-2023-27980 : A CWE-306 vulnerability exists in Schneider Electric IGSS components (Data Server, Dashboard, Custom Reports) with versions 16.0.0.23040 and prior. The issue is a missing authentication for a critical function in the Data Server TCP interface, enabling creation of a malicious rep...

CVSS 8.8, AI score 8.9, EPSS 0.01444
Exploits: 0, References: 1, Affected Software: 3
Vulnrichment
added 2023/03/19 12:0 a.m., 6 views

CVE-2023-26806

Tenda W20E v15.11.0.6USW20EV4.0brv15.11.0.610681546841 is vulnerable to Buffer Overflow via function formSetSysTime,...

AI score 9.5, EPSS 0.00436
Exploits: 1, References: 1
Code423n4
added 2023/03/15 12:0 a.m., 19 views

User can call getReward multiple times causing 51% attack

Lines of code Vulnerability details Impact The Neo Tokyo staking program operates as follows: The staker is a competitive system where stakers compete for a fixed emission rate in each of the S1 Citizen, S2 Citizen, and LP token staking pools. Stakers "may" choose to lock their assets for some...

AI score 6.9
Exploits: 0
Code423n4
added 2023/03/09 12:0 a.m., 8 views

The claimWinningTickets() function does not include a check to ensure that the caller owns the tickets, or if has already been claimed

Lines of code Vulnerability details The claimWinningTickets function in the contract contains multiple vulnerabilities that can result in a loss of funds for the contract and its users. Firstly, the function can be called by anyone, even if they are not the owner of the ticket, allowing malicious...

AI score 7
Exploits: 0
NVD
added 2023/02/13 8:15 p.m., 14 views

CVE-2023-24188

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted...

CVSS 9.1, AI score 9.4, EPSS 0.00984
Exploits: 1, References: 3
CNNVD
added 2023/02/04 12:0 a.m., 4 views

Online Eyewear Shop SQL injection vulnerability

Online Eyewear Shop is an online eyewear store by Carlo Montero, a personal developer. A SQL injection vulnerability exists in Online Eyewear Shop version 1.0 due to an unknown function in the file oews/products/viewproduct.php, which can be used for SQL injection via the parameters name/pwd...

CVSS 8.1, AI score 6.5, EPSS 0.0028
Exploits: 0, References: 3
Prion
added 2023/01/26 10:15 p.m., 23 views

Stack overflow

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 7.5, AI score 9.9, EPSS 0.01739
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2023/01/20 9:15 p.m., 14 views

CVE-2021-33642

When a file is processed, an infinite loop occurs in nextinline of the morecurly function...

CVSS 5.5, AI score 6, EPSS 0.00043
Exploits: 0, References: 1
NVD
added 2023/01/20 3:15 p.m., 17 views

CVE-2022-48126

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function...

CVSS 9.8, AI score 9.8, EPSS 0.14899
Exploits: 1, References: 1
Vulnrichment
added 2023/01/20 12:0 a.m., 7 views

CVE-2021-33642

When a file is processed, an infinite loop occurs in nextinline of the morecurly function...

AI score 7.1, EPSS 0.00043
Exploits: 0, References: 1
Prion
added 2023/01/19 11:15 p.m., 26 views

Buffer overflow

Buffer overflow in function Notepadplus::addHotSpot in Notepad++ v8.4.3 and earlier allows attackers to crash the application via two crafted files...

CVSS 4.3, AI score 6.6, EPSS 0.00449
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2022/12/23 12:0 a.m., 3 views

CVE-2022-45711

IP-COM M50 V15.11.0.3310768 was discovered to contain a command injection vulnerability via the hostname parameter in the formSetNetCheckTools function...

AI score 8.2, EPSS 0.15795
Exploits: 1, References: 1
CNNVD
added 2022/11/30 12:0 a.m., 3 views

perfSONAR cross-site request forgery vulnerability

perfSONAR is a widely deployed test and measurement infrastructure used by scientific networks and facilities around the world to monitor and ensure network performance. A security vulnerability exists in perfSONAR versions v4.x through v4.4.5 that stems from the inclusion of cross-site request...

CVSS 4.3, AI score 5, EPSS 0.01516
Exploits: 4, References: 7
OSV
added 2022/11/23 4:15 p.m., 2 views

CVE-2022-44255

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a pre-authentication buffer overflow in the main function via long post data...

CVSS 9.8, AI score 6
Exploits: 0, References: 1
NVD
added 2022/11/21 6:15 p.m., 11 views

CVE-2022-44171

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formfastsettingwifiset...

CVSS 9.8, EPSS 0.00459
Exploits: 0, References: 1
Vulnrichment
added 2022/11/21 12:0 a.m., 4 views

CVE-2022-44176

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic...

AI score 9.5, EPSS 0.00459
Exploits: 0, References: 1
Vulnrichment
added 2022/11/21 12:0 a.m., 4 views

CVE-2022-44174

Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName...

AI score 9.5, EPSS 0.00459
Exploits: 0, References: 1
Vulnrichment
added 2022/11/21 12:0 a.m., 3 views

CVE-2022-44171

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formfastsettingwifiset...

AI score 9.5, EPSS 0.00459
Exploits: 0, References: 1
Code423n4
added 2022/10/30 12:0 a.m., 5 views

DOLA can be borrowed without owning any DBR

Lines of code Vulnerability details Impact Although states that "one DBR token gives the right to borrow one DOLA for one year", and states that "a DOLA Fed mints DOLA to a market, which is then available to borrow for users holding DBR, using the Borrow function", users who do not own any DBR ar...

AI score 6.8
Exploits: 0
Vulnrichment
added 2022/10/19 12:0 a.m., 6 views

CVE-2022-43045

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gfdumpvrmlsffield at /scenemanager/scenedump.c...

AI score 5.5, EPSS 0.00137
Exploits: 1, References: 1