Lucene search
K

4 matches found

Packet Storm News
Packet Storm News
added 2026/04/03 12:0 a.m.5 views

Credential Leakage in LLM Agent Skills: A Large-Scale Empirical Study

Third-party skills extend LLM agents with powerful capabilities but often handle sensitive credentials in privileged environments, making leakage risks poorly understood. We present the first large-scale empirical study of this problem, analyzing 17,022 skills sampled from 170,226 on SkillsMP usi...

6AI score
Exploits0
Code423n4
Code423n4
added 2023/10/04 12:0 a.m.9 views

Irrevocable token can be downgrade to be revocable

Lines of code Vulnerability details Impact Code Invariant Irrevocable token cannot be downgrade to be revocable can be break leading to loss of user accrued rewards. Proof of Concept In this message one of the contest sponsors syas: "irrevocable token cannot be downgrade to be revocable" To...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/05/15 12:0 a.m.7 views

Return value of send of ether not checked in _withdrawFromYieldPool

Lines of code Vulnerability details Impact A send of ether is done on LidoVault.sol:140. It is immediately followed by a return statement which will cause the function to return without checking the sent value on line 142. Line 142 is dead code. The impact is that the to address might not receive...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2018/02/03 4:19 p.m.113 views

Pornhub: Stored XSS (client-side, using cookie poisoning) on the pornhubpremium.com

The researcher discovered that a parameter's value was stored in a cookie and that cookie's value was echoed in certain pages. The researcher was successful in providing an XSS payload as this parameter's value and having it execute. DOM XSS through cookie. Discovered by manual inspection of JS...

6.7AI score
Exploits0
Rows per page
Query Builder