Lucene search
K

212 matches found

OSV
OSV
added 2026/02/02 8:19 p.m.4 views

GHSA-6JR7-99PF-8VGF @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks

Impact When TechDocs is configured with runIn: local, a malicious actor who can submit or modify a repository's mkdocs.yml file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration. Patches Upgrade to @backstage/plugin-techdocs-node version 1.13.11, 1.14.1...

7.7CVSS6AI score0.00541EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/01/15 11:0 a.m.5 views

4 Outdated Habits Destroying Your SOC's MTTR in 2026

It's 2026, yet many SOCs are still operating the way they did years ago, using tools and processes designed for a very different threat landscape. Given the growth in volumes and complexity of cyber threats, outdated practices no longer fully support analysts' needs, staggering investigations and...

7.1AI score
Exploits0
GithubExploit
GithubExploit
added 2025/12/08 1:26 p.m.163 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Burp Passive Extension Passive Burp Suite exte...

10CVSS6.9AI score0.99562EPSS
Exploits374
Packet Storm
Packet Storm
added 2025/10/16 12:0 a.m.78 views

📄 Greenlife.bg SQL Injection

Greenlife.bg appears to suffer from a remote SQL injection vulnerability. It is unclear what vulnerable code base is being used or if it's custom, however, the researcher has not heard a response from the vendor and they have not addressed the issue, putting their users at risk, so this is being...

8.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/29 12:0 a.m.6 views

Secure Coding with AI, from Creation to Inspection

While prior studies have explored security in code generated by ChatGPT and other Large Language Models, they were conducted in controlled experimental settings and did not use code generated or provided from actual developer interactions. This paper not only examines the security of code generat...

7.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.6 views

PT-2024-32647 · Go-Tuf +1 · Go-Tuf +1

Name of the Vulnerable Software and Affected Versions: go-tuf versions prior to 2.0.1 Description: The go-tuf client inconsistently traces the delegations, which can result in downloading the wrong artifact. For example, if targets delegate to "A" and "B", and "B" delegates to "C", the client...

9.9CVSS6.1AI score0.97781EPSS
Exploits21References144
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.283 views

MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'zlib' class MetasploitModule 'MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever', 'Description' = %q MongoDB Ops Manag...

5.3CVSS7AI score0.00891EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.12 views

Customer Reviews for WooCommerce < 5.38.2 - Cross-Site Request Forgery via manual review reminders

Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to 5.38.2 exclusive. This is due to missing or incorrect nonce validation on the manualreviewreminder, manualwareviewreminder, and manualreviewreminderconf functions. This makes it possible for unauthenticated...

6.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.11 views

Customer Reviews for WooCommerce < 5.38.2 - Missing Authorization via manual review reminders

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the manualreviewreminder, manualwareviewreminder, and manualreviewreminderconf functions in all versions up to 5.38.2 exclusive. This makes it possible for authenticated attackers, with...

6.7AI score
Exploits0References1Affected Software1
Code423n4
Code423n4
added 2024/01/08 12:0 a.m.14 views

Attacker can cause deposits to be locked in the Solana lockbox

Lines of code Vulnerability details Impact An attacker can cause deposits to be locked in the lockbox Proof of Concept In withdraw, if the position has 0 liquidity the execution is reverted function withdrawuint64 amount external address positionAddress =...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.23 views

Delegation to address(0) causes permanent loss of voting power

Lines of code Vulnerability details Impact As stated in the comment on line 12 of NontransferableERC20Votes.sol, delegation of vote power can be done through the delegate function or by providing a signature to be used with delegateBySig. However, these functions do not prevent users from...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.14 views

Incorrect Condition for Validating Input and Output Tokens in CurveTricryptoAdapter::_determineComputeType Function

Lines of code Vulnerability details Impact The contract contains a bug in the determineComputeType function, where the condition for checking if the input and output tokens are valid for swapping is incorrect. This bug may lead to unexpected behavior and incorrect computation of the compute type...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.10 views

CurveTricryptAdapter::primitiveOutputAmount & Curve2PoolAdapter::primitiveOutputAmount can swap without slippage tolerance

Lines of code Vulnerability details Impact While there is a “Slippage protection” implementation in the contract if uint256minimumOutputAmount outputAmount revert SLIPPAGELIMITEXCEEDED; There is no validation that minimumOutputAmount is not set to 0. This can result in lost of funds. Although Oce...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.11 views

Holder cannot claim fee

Lines of code Vulnerability details Impact Assume a user buys some shares and mints it to an NFT and sends the shares to a cold wallet for safety. The following happens: A user buys 10 shares using buy is called, the rewardsLastClaimedValue is updated to the latest holder rewards, the...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.12 views

Changing rsETH address breaks contract

Lines of code Vulnerability details Impact manipulating rsETH price Proof of Concept admin can change rsETH token address, while total supply of rsETH is used to calculate its price changing rsETH address changes its price. Tools Used Manual Review Recommended Mitigation Steps prevent changing...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.9 views

Precision loss in getRSETHPrice

Lines of code Vulnerability details Impact Precision loss and return zero price by Oracle Proof of Concept Since the value of staked ether increases, the price of RSETH goes above ETH price and leads to a precision loss in the getRSETHPrice function of the oracle, and RSETH price becomes zero...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.19 views

Precision loss in getRsETHAmountToMint

Lines of code Vulnerability details Impact users may lose their assets Proof of Concept The price of rsETH increases against ETH price, this leads to precision loss in getRsETHAmountToMint. Consider a scenario that one rsETH worth 10 ETH; now if a user tries to deposit 9 ETH he losses assets due ...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/13 12:0 a.m.10 views

Winner of auction status is not set to false after claim so eligible for refund

Lines of code Vulnerability details Impact Bidders funds will get stuck Proof of Concept After Auction winner claims token, his/her status is not set to false so he is eligible for a refund because the refund logic checks for all indexes with status set to true, which not supposed to be so. So th...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/11/13 12:0 a.m.11 views

Risk of Permanent ETH Loss for Bidders

Lines of code Vulnerability details Impact There's a risk of ETH becoming irretrievably locked in the contract if a bidder's address is a contract with either complex logic in its receive function or no receive function at all. In such cases, ETH transfers to these addresses could fail and result...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/13 12:0 a.m.10 views

Re-enterancy in AuctionDemo contract

Lines of code Vulnerability details Impact claimAuction function of AuctionDemo contract transfers the token to highest bidder winner and the bid amount is transferred to the owner. Moreover, refund is sent to all remaining participants non-winners of the auction via call function. However, if a...

6.9AI score
Exploits0
Rows per page
Query Builder