CVE-2026-27181

MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...

MajorDoMo 安全漏洞

MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a security vulnerability in MajorDoMo. This vulnerability stems from the admin method in the market module, which reads grmode from $REQUEST and assigns it to $this-mode. As a result, all...

PT-2024-5677 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue is related to a parameter in the market module of the Netcat CMS system, which is vulnerable to cross-site request forgery. This could allow a remote attacker to execute...

TOFT in (m)TapiocaOft contracts can be stolen by calling removeCollateral() with a malicious removeParams.market

Lines of code Vulnerability details Impact The TOFT available in the TapiocaOFT contract can be stolen when calling removeCollateral with a malicious market. Proof of Concept mTapiocaOFT inherit BaseTOFT, which has a function removeCollateral that accepts a market address as an argument. This...