4 matches found
CVE-2024-5995
CVE-2024-5995 affects Soar Cloud HR Portal. The issue is insufficient session expiration: a link sent via notification emails contains an embedded session that is not properly expired and can remain valid for more than 7 days, enabling reuse. The vulnerability has a CVSSv3.1 base score of 8.8 (HI...
Reorgs could revert the setRange function and lead to a long-lasting stale price of USDY
Lines of code Vulnerability details Summary Reorgs could revert the setRange function and therefore lead to stale prices for a long time, depending on the off-chain protection against it. Vulnerability Details Here is the setRange function of the USDY price oracle: function setRange uint256...
CVE-2020-26890
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into th...
CVE-2020-17473
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.020190723 allows an attacker to obtain a long-lasting token by impersonating the server...