44 matches found
CVE-2026-49938
An improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow an attacker to improper access control via...
public_disclosures
Public vulnerability disclosures Contains some of my vulnerab...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a data race and potential load/store tearing in the lasttxat field of the rxrpc mechanism...
Expected Behavior Violation
Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Expected Behavior Violation via the DocugamiReader class. An attacker can cause loss of important document content, disrupt parent-child chunk hierarchies, and lead to inaccurate AI...
PVS Server: Windows Event logging for UEFI target Devices Boot Time inaccurate
The customer had built a new UEFI based vdisk and deployed it to production. The customer subsequently observed that the PVS Servers were recording a clearly inaccurate boot time, of millions of minutes, in Windows Event logs when target devices were booting. Example inaccurate boot time logged i...
BIT-GITLAB-2022-0751
Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands...
CVE-2023-44117
Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality...
Potential inaccurate calculation of maxBond and effectiveBond in case of delayed call to checkpoint()
Lines of code Vulnerability details Impact The checkpoint function in the Tokenomics contract is responsible for recording global data when a new epoch starts. This function contains a potential issue when the checkpoint function is not called exactly at the end of an epoch that finishes very clo...
Users receive fewer tokens due to inaccuracy in calculation
Lines of code Vulnerability details Impact There is a loss of precision in the VRGDAC.yToX function, because in several places division occurs first, and then the result is multiplied. This results in users receiving fewer tokens. According to test data, the difference can be 8 digits. The choice...
pendingScoreUpdates counts may be corrupted
Lines of code Vulnerability details Prime.pendingScoreUpdates is used to record the number of users whose score needs to be recalculated when addMarket, updateAlpha, updateMultipliers occurs. Record pendingScoreUpdates=totalIrrevocable + totalRevocable when the above metho...
In BondingVotes.sol, clock() will not work properly for Arbitrum due to use of block.number
Lines of code Vulnerability details Impact In BondingVotes.sol, clock is set to match the current round and clock has been extensively used in onlyPastRounds, getVotes, delegates, checkpointBondingState, checkpointTotalActiveStake, getTotalActiveStakeAt, getBondingCheckpointAt and it is given as...
getPastCirculatingSupply() returns the ARB token supply instead of circulating votes supply
Lines of code Vulnerability details Bug Description In ArbitrumGovernorVotesQuorumFractionUpgradeable, the getPastCirculatingSupply function is used when calculating quorum for proposals: ArbitrumGovernorVotesQuorumFractionUpgradeable.sol#L31-L35 /// @notice Get "circulating" votes supply; i.e.,...
XML External Entity (XXE)
php81 is vulnerable to XML External Entities XXE. The program handles XML documents that include URIs that resolve to external resources, resulting in inaccurate output and posing problems for the end product...
TwabLib::getTwabBetween can return inaccurate balances if _startTime and _endTime aren't safely bounded
Lines of code Vulnerability details M-01 TwabLib::getTwabBetween can return inaccurate balances if startTime and endTime aren't safely bounded Vulnerability details Here's the documentation of the get TwabLib::getTwabBetween function : File: twab-controller\src\libraries\TwabLib.sol 278: / 279:...
doesn't handle when value of reservePool returned is nil
Lines of code Vulnerability details Impact inputReserve and outputReserve are gotten from the reservePool return. However, reservePool could be nil, and since this is not handled or checked, it results in inaccurate inputReserve and outputReserve. Proof of Concept inputReserve and outputReserve are gotten usin...
getPORFeedData() doesn't validate price feed answers (totalETHBalanceInInt and totalETHXSupplyInInt) before casting to uint256
Lines of code Vulnerability details Impact If a negative value is returned 0 from chainlink oracle and the value is cast to type uint256, the resulting value will be the unsigned representation of that value which will be an inaccurate price. Also, cases where sdprice can't be less than 0 will...
Race Condition
@web3-react is vulnerable to a Race Condition. In the event that the user switches chains during the connection flow, the chainId may become outdated, making any data generated from it potentially inaccurate. An application that swaps between chains for instance, can cause the user to tokens mone...
referralRegisterTickets there is an inaccurate calculation of the total number of tickets for referrers
Lines of code Vulnerability details Impact There is an inaccurate total ticket count for referrers, that is, when the number of unclaimed tickets for referrers has reached the minimum EligibleReferralscurrentDraw, but when the number of referrer tickets is added to the new number of tickets will...
int128 cast underflow in _receiveDripsResult()
Lines of code Vulnerability details Impact In receiveDripsResult, the type cast of uint128 could underflow, and result in wrong receivedAmt. The impacts could be: wrong amount being transferred to users and drain the protocol fund inaccurate transfer amount, some users lose fund and some receive...
fundingRate formula and _multiplier()
Lines of code Vulnerability details Impact The formula used for _multiplier will not work as expected. The target price update will be inaccurate and all the borrow/repay/liquidation functions will use the inaccurate target price. The impacts might be: Target price and mark price track will not wor...