7 matches found
CVE-2025-10908
Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a notification callback that disables devices within a lock mechanism, potentially leading to a...
Owner can use changeTimewindow() in VaultFactory and deny other from depositing into the Vaults (As this parameter used in epoch start Time detection). owner can use this for his/her benefits when he sees there is an good opportunity. changing this parameters should be with time-lock mechanism
Lines of code Vulnerability details Impact Owner can control timewindow of a Vault and epoch and by that he can control deposits of others and owner can deny other from depositing into a Vault by increasing timewindow as if he saw any profit by that. changing this type of parameters should be don...
User can have full voting power with virtually no lockup using multiple locks and delegation
Lines of code Vulnerability details Impact User receives voting power of max lock but only locks for a minimal amount of time Proof of Concept In VotingEscrow.solcheckpoint, the duration of the delegatee and the total delegated tokens are used to determine the amount of voting power that a lock...
PT-2021-7384 · Grub2 +2 · Grub2 +2
Name of the Vulnerable Software and Affected Versions: Grub2 versions prior to 2.06 Description: The issue is related to the implementation of the shim lock mechanism in Grub2, which is associated with incorrect cryptographic signature verification. This flaw allows an attacker to boot any kernel...
Encryption, Lock Mechanism Vulnerabilities Plague Lock App AppLock
Multiple weaknesses exist in AppLock, a popular lock application for Android devices that boasts more than 100 million users. A researcher is claiming that the app, which is supposed to securely store photos, videos and other apps, doesn’t really use encryption to do so, it simply hides the files...
S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server
S21Sec Advisory - Title: Infinite invalid authentication attempts possible in BEA WebLogic Server ID: S21SEC-040-en Severity: Medium Scope: BEA Weblogic Platforms: All Author: [email protected] URL: http://www.s21sec.com/avisos/s21sec-040-en.txt Release: Public SUMMARY It's possible to launch a...