212 matches found
GHSA-6JR7-99PF-8VGF @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks
Impact When TechDocs is configured with runIn: local, a malicious actor who can submit or modify a repository's mkdocs.yml file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration. Patches Upgrade to @backstage/plugin-techdocs-node version 1.13.11, 1.14.1...
4 Outdated Habits Destroying Your SOC's MTTR in 2026
It's 2026, yet many SOCs are still operating the way they did years ago, using tools and processes designed for a very different threat landscape. Given the growth in volumes and complexity of cyber threats, outdated practices no longer fully support analysts' needs, staggering investigations and...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Burp Passive Extension Passive Burp Suite exte...
📄 Greenlife.bg SQL Injection
Greenlife.bg appears to suffer from a remote SQL injection vulnerability. It is unclear what vulnerable code base is being used or if it's custom, however, the researcher has not heard a response from the vendor and they have not addressed the issue, putting their users at risk, so this is being...
Secure Coding with AI, from Creation to Inspection
While prior studies have explored security in code generated by ChatGPT and other Large Language Models, they were conducted in controlled experimental settings and did not use code generated or provided from actual developer interactions. This paper not only examines the security of code generat...
PT-2024-32647 · Go-Tuf +1 · Go-Tuf +1
Name of the Vulnerable Software and Affected Versions: go-tuf versions prior to 2.0.1 Description: The go-tuf client inconsistently traces the delegations, which can result in downloading the wrong artifact. For example, if targets delegate to "A" and "B", and "B" delegates to "C", the client...
MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'zlib' class MetasploitModule 'MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever', 'Description' = %q MongoDB Ops Manag...
Customer Reviews for WooCommerce < 5.38.2 - Cross-Site Request Forgery via manual review reminders
Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to 5.38.2 exclusive. This is due to missing or incorrect nonce validation on the manualreviewreminder, manualwareviewreminder, and manualreviewreminderconf functions. This makes it possible for unauthenticated...
Customer Reviews for WooCommerce < 5.38.2 - Missing Authorization via manual review reminders
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the manualreviewreminder, manualwareviewreminder, and manualreviewreminderconf functions in all versions up to 5.38.2 exclusive. This makes it possible for authenticated attackers, with...
Attacker can cause deposits to be locked in the Solana lockbox
Lines of code Vulnerability details Impact An attacker can cause deposits to be locked in the lockbox Proof of Concept In withdraw, if the position has 0 liquidity the execution is reverted function withdrawuint64 amount external address positionAddress =...
Delegation to address(0) causes permanent loss of voting power
Lines of code Vulnerability details Impact As stated in the comment on line 12 of NontransferableERC20Votes.sol, delegation of vote power can be done through the delegate function or by providing a signature to be used with delegateBySig. However, these functions do not prevent users from...
Incorrect Condition for Validating Input and Output Tokens in CurveTricryptoAdapter::_determineComputeType Function
Lines of code Vulnerability details Impact The contract contains a bug in the determineComputeType function, where the condition for checking if the input and output tokens are valid for swapping is incorrect. This bug may lead to unexpected behavior and incorrect computation of the compute type...
CurveTricryptAdapter::primitiveOutputAmount & Curve2PoolAdapter::primitiveOutputAmount can swap without slippage tolerance
Lines of code Vulnerability details Impact While there is a “Slippage protection” implementation in the contract if uint256minimumOutputAmount outputAmount revert SLIPPAGELIMITEXCEEDED; There is no validation that minimumOutputAmount is not set to 0. This can result in lost of funds. Although Oce...
Holder cannot claim fee
Lines of code Vulnerability details Impact Assume a user buys some shares and mints it to an NFT and sends the shares to a cold wallet for safety. The following happens: A user buys 10 shares using buy is called, the rewardsLastClaimedValue is updated to the latest holder rewards, the...
Changing rsETH address breaks contract
Lines of code Vulnerability details Impact manipulating rsETH price Proof of Concept admin can change rsETH token address, while total supply of rsETH is used to calculate its price changing rsETH address changes its price. Tools Used Manual Review Recommended Mitigation Steps prevent changing...
Precision loss in getRSETHPrice
Lines of code Vulnerability details Impact Precision loss and return zero price by Oracle Proof of Concept Since the value of staked ether increases, the price of RSETH goes above ETH price and leads to a precision loss in the getRSETHPrice function of the oracle, and RSETH price becomes zero...
Precision loss in getRsETHAmountToMint
Lines of code Vulnerability details Impact users may lose their assets Proof of Concept The price of rsETH increases against ETH price, this leads to precision loss in getRsETHAmountToMint. Consider a scenario that one rsETH worth 10 ETH; now if a user tries to deposit 9 ETH he losses assets due ...
Winner of auction status is not set to false after claim so eligible for refund
Lines of code Vulnerability details Impact Bidders funds will get stuck Proof of Concept After Auction winner claims token, his/her status is not set to false so he is eligible for a refund because the refund logic checks for all indexes with status set to true, which not supposed to be so. So th...
Risk of Permanent ETH Loss for Bidders
Lines of code Vulnerability details Impact There's a risk of ETH becoming irretrievably locked in the contract if a bidder's address is a contract with either complex logic in its receive function or no receive function at all. In such cases, ETH transfers to these addresses could fail and result...
Re-enterancy in AuctionDemo contract
Lines of code Vulnerability details Impact claimAuction function of AuctionDemo contract transfers the token to highest bidder winner and the bid amount is transferred to the owner. Moreover, refund is sent to all remaining participants non-winners of the auction via call function. However, if a...