42 matches found
FBI Seizes China-Linked Fake Consulting Sites Targeting US Clearance Holders
The Justice Department and FBI seized 13 fake consulting websites that officials say targeted US clearance holders with paid research work designed to obtain sensitive government information...
CVE-2026-32266 Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability
The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...
Are Voters Willing to Collectively Secure Elections? Unraveling a Practical Blockchain Voting System
Ensuring ballot secrecy is critical for fair and trustworthy electronic voting systems, yet achieving strong secrecy guarantees in decentralized, large-scale elections remains challenging. This paper proposes the concept of collectively secure voting, in which voters themselves can opt in as secr...
CVE-2025-33036 Qsync Central
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central...
CVE-2023-47799
Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...
CVE-2023-53130
REJECTED CVE In the Linux kernel, the following vulnerability has been resolved: block: fix wrong mode for blkdevput from diskscanpartitions If diskscanpartitions is called with 'FMODEEXCL', blkdevgetbydev will be called without 'FMODEEXCL', however, follow blkdevput is still called with...
CVE-2025-1723 Account takeover
Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...
CVE-2025-1723
CVE-2025-1723 affects Zohocorp ManageEngine ADSelfService Plus versions 6510 and earlier. The root cause is session mishandling in ADSelfService Plus, which can enable account takeover by valid users, especially when MFA is not enabled. Multiple connected sources (Red Hat advisory, NVD/NCSC/CVE r...
CVE-2022-31021 Unlinkability broken in ursa when verifiers use malicious keys
Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...
fees model is counter-productive
Lines of code Vulnerability details Impact Fees become more and more expensive as there are more buys in the share. Fees are collected when a user buy/sell/mint/burn. As the protocol or the share creator, you would want to earn more rewards which is done if a lot of users are buying in or if a lo...
Irrevocable token holders can instantly mint a revocable token after burning and bypass the minimum XVS stake for revocable tokens
Lines of code Vulnerability details Impact When an irrevocable token is burned by the admin, the holder should go through the 90 day staking period again before accruing rewards. However, the holder can exploit the protocol to immediately begin accruing rewards after burning. Furthermore, the...
Ex-token holders are still able to cast votes on proposals under certain circumstances
Lines of code Vulnerability details When casting a vote, an address is limited to a certain amount of votes derived from ds.nouns.getPriorVotes. However, due to the nature of ds.nouns.getPriorVotes, the amount of votes available to an address solely depends on the amount of tokens they held when ...
Token holders can create as many proposals as they want if they already have an active proposal by transferring their token to another wallet.
Lines of code Vulnerability details The propose function on NounsDAOV3Proposals.sol has a check called checkNoActivePropds, msg.sender, which exists to prevent token holders from spamming the propose function. Furthermore, the proposeOnTimelockV1 function calls propose directly, making it...
Malicious whale of forked DAO can prevent smaller token holders from creating proposals
Lines of code Vulnerability details The proposal threshold on a forked DAO can be set all the way up to 1,000 basis points. If this were the case, only whales would be able to make proposals on the forked DAO. Impact The likelihood of this is low, because in order to set the proposalThresholdBps ...
In LlamaRelativeQuorum, the governance result might be incorrect as it counts the wrong approval/disapproval.
Lines of code Vulnerability details Impact In LlamaRelativeQuorum, the governance result might be incorrect as it counts the wrong approval/disapproval. Proof of Concept The LlamaRelativeQuorum uses approval/disapproval thresholds that are specified as percentages of total supply and the...
User can manipulate approvals and disapprovals of relative quorum strategy
Lines of code Vulnerability details Impact A malicious user with sufficient permissions can manipulate approvals and disapprovals of actions using the relative quorum strategy. They could effectively ensure that any action has an 100% chance of being approved or disapproved, even when the...
LlamaRelativeQuorum isActionApproved / isActionDisapproved check condition error
Lines of code Vulnerability details Impact LlamaRelativeQuorum isActionApproved / isActionDisapproved check condition error: quantity holders. The two cannot be compared. In general quantity holder, so the approver was lower than expected. Proof of Concept diff --git...
votes[to] mapping anchor time not adjusted correctly in Equity.adjustRecipientVoteAnchor() can lead to unexpected results
Lines of code Vulnerability details H-01 votesto mapping anchor time not adjusted correctly in Equity.adjustRecipientVoteAnchor can lead to unexpected results Proof of Concept Equity.solL161 function adjustRecipientVoteAnchoraddress to, uint256 amount internal returns uint256 if to != address0x0...
Price feed in MCAGRateFeed#getRate is not sufficiently validated and can return stale price
Lines of code Vulnerability details Impact MCAGRateFeedgetRate may return stale data Proof of Concept , int256 answer,,, = oracle.latestRoundData; Classic C4 issue. getRate only uses answer but never checks the freshness of the data, which can lead to stale bond pricing data. Stale pricing data c...
Mitigation of H-02: Issue not fully mitigated
Lines of code Vulnerability details Mitigation of H-02: Issue not fully mitigated Original issue: H-02: Basket range formula is inefficient, leading the protocol to unnecessary haircut Not mitigated - top range can still be too high, leading to unnecessary haircut The applied mitigation follows t...