8 matches found
CVE-2026-54029 LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId...
CVE-2026-25781 kernel_liteos_a has an out-of-bounds write vulnerability
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered...
CVE-2024-53044
The CVE refers to Linux kernel net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext(). The issue caused by xa_insert() failure when the same block index is used for ingress and egress, leading to an incorrect teardown and an unbound offload path (FLOW_BLOCK_BIND) not being followed...
Loss of funds due to beneficiary override to address(0) during transfer
Lines of code Vulnerability details Premiums or proceeds earned after the transfer will accrue to the zero address, instead of to the new vault owner, and the funds will be irrecoverable. Proof of concept vaultBeneficiariesvaultId is overridden to the zero address during transfer: File: Cally.sol...
Loss of funds due to premiums and proceeds accruing to address(0) by default
Lines of code Vulnerability details Premiums and proceeds earned will accrue to the zero address by default, instead of the vault owner, and the funds will be irrecoverable. Proof of concept vaultBeneficiariesvaultId is not set during createVault, so any call to getVaultBeneficiary will return...
Should a Chainlink aggregator become stuck in a stale state then TwapOracle will become irrecoverably broken
Handle TomFrench Vulnerability details Impact Inability to call consult on the TwapOracle and so calculate the exchange rate between USDV and VADER. Proof of Concept Should any of the Chainlink aggregators used by the TwapOracle becomes stuck in such a state that the check on L143-146 of...
Single-step process for critical ownership transfer/renounce is risky
Handle 0xRajeev Vulnerability details Impact The SwappableYieldSource allows owners and asset managers to set/swap/transfer yield sources/funds. As such, the contract ownership plays a critical role in the protocol. Given that AssetManager is derived from Ownable, the ownership management of this...
Single-step process for critical ownership transfer
Handle 0xRajeev Vulnerability details Impact The Tracer Perpetuals Factory contract is arguably the most critical contract in the project given that it deploys all the markets. The ownership of this contract is transferred to governance address, i.e. TracerDAO, in the constructor. This critical...