11 matches found
PT-2026-22836
Name of the Vulnerable Software and Affected Versions OpenEMR versions 5.0.2 through 8.0.0 Description OpenEMR is an electronic health records and medical practice management application. Versions between 5.0.2 and before 8.0.0 have paths where the gateway api key secret value is rendered to the...
CVE-2021-31876
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction wi...
CVE-2025-24800 Critical vulnerability in `ismp-grandpa` <v15.0.1
Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or...
Hyperbridge 安全漏洞
Hyperbridge is an open source application from Polytope. Hyperbridge suffers from a security vulnerability that stems from allowing a malicious attacker to easily convince a verifier of the finality of an arbitrary header, which could be used to steal funds or compromise other types of cross-chai...
Vyper 安全漏洞
Vyper is the Pythonic smart contract language for EVM. Vyper has a security vulnerability that stems from the fact that LLL IR does not have a Turing incompleteness restriction, and therefore it is compiled as a loop with a later exit condition. If the loop body contains it, it can lead to loss o...
Lender can lose funds
Lines of code Vulnerability details Impact Since some tokens take transfer fees on performing transfer operations and current contract implementation is not considering same, lender funds could be lost Proof of Concept 1. Attacker creates a loan request for token XYZ taking 10% transfer fees 2...
PT-2020-9354 · Unknown · Lightning Network Daemon
Name of the Vulnerable Software and Affected Versions: Lightning Network Daemon lnd versions prior to 0.7 Description: The issue is related to Incorrect Access Control, allowing attackers to trigger loss of funds. This is due to Improper Access Control in the Lightning Network Daemon...
Renren Android client gesture lock vulnerability
Renren focuses on personal mortgage business and is committed to providing professional financial information services for individuals and small and medium-sized enterprises. A vulnerability in the gesture lock of Renren Caixuan's Android client allows an attacker to bypass a layer of...
Gesture Lock Vulnerability in Your Money Management Android Client
You and I loan is an Internet financial investment platform. It provides users with convenient, low-threshold personal loans and investment services. There is a vulnerability in the gesture lock of YouMeLoan's financial management Android client, which allows attackers to bypass a layer of...
Upward Financial Management Android Client Gesture Lock Vulnerability
Upward Financial Management is a financial mobile software developed by Beijing Zendai Network Technology Co. Upward Financial Management Android client gesture lock vulnerability, an attacker can bypass a layer of authentication, may cause funds and information leakage harm...
China Telecom WingPay Android client gesture lock has design flaws
Wing Pay is a mobile payment service launched by China Telecom. A design vulnerability exists in the gesture lock of the Wing Pay Android client. By exploiting the vulnerability, an attacker can bypass the gesture lock security mechanism of the Wing Pay Android client and obtain users' private...