Lucene search
K

42 matches found

HackRead
HackRead
added 2026/06/10 8:53 p.m.11 views

FBI Seizes China-Linked Fake Consulting Sites Targeting US Clearance Holders

The Justice Department and FBI seized 13 fake consulting websites that officials say targeted US clearance holders with paid research work designed to obtain sensitive government information...

5.5AI score
Exploits0
Cvelist
Cvelist
added 2026/03/18 3:46 a.m.28 views

CVE-2026-32266 Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

6.9CVSS0.00344EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/10/09 12:0 a.m.5 views

Are Voters Willing to Collectively Secure Elections? Unraveling a Practical Blockchain Voting System

Ensuring ballot secrecy is critical for fair and trustworthy electronic voting systems, yet achieving strong secrecy guarantees in decentralized, large-scale elections remains challenging. This paper proposes the concept of collectively secure voting, in which voters themselves can opt in as secr...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2025/08/29 5:17 p.m.6 views

CVE-2025-33036 Qsync Central

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central...

7.2CVSS0.00445EPSS
Exploits0References1
OSV
OSV
added 2025/08/25 2:15 p.m.4 views

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...

7.5CVSS5.8AI score0.0038EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/04 5:17 p.m.11 views

CVE-2023-53130

REJECTED CVE In the Linux kernel, the following vulnerability has been resolved: block: fix wrong mode for blkdevput from diskscanpartitions If diskscanpartitions is called with 'FMODEEXCL', blkdevgetbydev will be called without 'FMODEEXCL', however, follow blkdevput is still called with...

5.5CVSS6.4AI score
Exploits0References4
Cvelist
Cvelist
added 2025/03/03 7:40 a.m.26 views

CVE-2025-1723 Account takeover

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...

8.1CVSS0.01426EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 7:40 a.m.61 views

CVE-2025-1723

CVE-2025-1723 affects Zohocorp ManageEngine ADSelfService Plus versions 6510 and earlier. The root cause is session mishandling in ADSelfService Plus, which can enable account takeover by valid users, especially when MFA is not enabled. Multiple connected sources (Red Hat advisory, NVD/NCSC/CVE r...

8.1CVSS8.1AI score0.01426EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/16 9:35 p.m.8 views

CVE-2022-31021 Unlinkability broken in ursa when verifiers use malicious keys

Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...

3.3CVSS5.2AI score0.00428EPSS
Exploits1References2
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.8 views

fees model is counter-productive

Lines of code Vulnerability details Impact Fees become more and more expensive as there are more buys in the share. Fees are collected when a user buy/sell/mint/burn. As the protocol or the share creator, you would want to earn more rewards which is done if a lot of users are buying in or if a lo...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/10/04 12:0 a.m.11 views

Irrevocable token holders can instantly mint a revocable token after burning and bypass the minimum XVS stake for revocable tokens

Lines of code Vulnerability details Impact When an irrevocable token is burned by the admin, the holder should go through the 90 day staking period again before accruing rewards. However, the holder can exploit the protocol to immediately begin accruing rewards after burning. Furthermore, the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.18 views

Ex-token holders are still able to cast votes on proposals under certain circumstances

Lines of code Vulnerability details When casting a vote, an address is limited to a certain amount of votes derived from ds.nouns.getPriorVotes. However, due to the nature of ds.nouns.getPriorVotes, the amount of votes available to an address solely depends on the amount of tokens they held when ...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.8 views

Token holders can create as many proposals as they want if they already have an active proposal by transferring their token to another wallet.

Lines of code Vulnerability details The propose function on NounsDAOV3Proposals.sol has a check called checkNoActivePropds, msg.sender, which exists to prevent token holders from spamming the propose function. Furthermore, the proposeOnTimelockV1 function calls propose directly, making it...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.10 views

Malicious whale of forked DAO can prevent smaller token holders from creating proposals

Lines of code Vulnerability details The proposal threshold on a forked DAO can be set all the way up to 1,000 basis points. If this were the case, only whales would be able to make proposals on the forked DAO. Impact The likelihood of this is low, because in order to set the proposalThresholdBps ...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/06/13 12:0 a.m.8 views

In LlamaRelativeQuorum, the governance result might be incorrect as it counts the wrong approval/disapproval.

Lines of code Vulnerability details Impact In LlamaRelativeQuorum, the governance result might be incorrect as it counts the wrong approval/disapproval. Proof of Concept The LlamaRelativeQuorum uses approval/disapproval thresholds that are specified as percentages of total supply and the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/13 12:0 a.m.9 views

User can manipulate approvals and disapprovals of relative quorum strategy

Lines of code Vulnerability details Impact A malicious user with sufficient permissions can manipulate approvals and disapprovals of actions using the relative quorum strategy. They could effectively ensure that any action has an 100% chance of being approved or disapproved, even when the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/13 12:0 a.m.13 views

LlamaRelativeQuorum isActionApproved / isActionDisapproved check condition error

Lines of code Vulnerability details Impact LlamaRelativeQuorum isActionApproved / isActionDisapproved check condition error: quantity holders. The two cannot be compared. In general quantity holder, so the approver was lower than expected. Proof of Concept diff --git...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/04/19 12:0 a.m.7 views

votes[to] mapping anchor time not adjusted correctly in Equity.adjustRecipientVoteAnchor() can lead to unexpected results

Lines of code Vulnerability details H-01 votesto mapping anchor time not adjusted correctly in Equity.adjustRecipientVoteAnchor can lead to unexpected results Proof of Concept Equity.solL161 function adjustRecipientVoteAnchoraddress to, uint256 amount internal returns uint256 if to != address0x0...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/02/21 12:0 a.m.9 views

Price feed in MCAGRateFeed#getRate is not sufficiently validated and can return stale price

Lines of code Vulnerability details Impact MCAGRateFeedgetRate may return stale data Proof of Concept , int256 answer,,, = oracle.latestRoundData; Classic C4 issue. getRate only uses answer but never checks the freshness of the data, which can lead to stale bond pricing data. Stale pricing data c...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/17 12:0 a.m.10 views

Mitigation of H-02: Issue not fully mitigated

Lines of code Vulnerability details Mitigation of H-02: Issue not fully mitigated Original issue: H-02: Basket range formula is inefficient, leading the protocol to unnecessary haircut Not mitigated - top range can still be too high, leading to unnecessary haircut The applied mitigation follows t...

6.6AI score
Exploits0
Rows per page
Query Builder