1404 matches found
_getUtility function may be vulnerable to precision loss
Lines of code Vulnerability details Impact When calculating r0 and r1 in the getUtility function precision loss may occur due to the use of the standard division operator / instead of the division functions of ABDKMath64x64. As the other values in the equation make use of the library's methods if...
Malicious code in spark-math (npm)
Source: ghsa-malware b69ba236f6e65c975d31bbd86381ca28f0abc32e518869dbc220b8cfe2c526e6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PYSEC-2023-146
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions...
LangChain Injection Vulnerability
LangChain is used to build applications using LLM through composability. A security vulnerability exists in langchain version 0.0.194 and earlier versions, which results from arbitrary code execution via the from_math_prompt and from_colored_object_prompt functions...
createLock, increaseAmount int128(int256(_value)) unsafe downcast can lead to asset loss
Lines of code Vulnerability details Impact Suppose users deposit more than type(int128).max value through createLock and increaseAmount, they may get less voting power and can't get the assets back. Proof of Concept The VotingEscrow.sol is forked from FIATDAO, but it doesn't seem to consider a MEDIUM...
WordPress Rank Math SEO Plugin < 1.0.119.1 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rankmath:seo"; if(description)...
Incorrect Target Amount Calculation with Different Decimals in OptionPositionManager Contract
Lines of code Vulnerability details Bug Description In the OptionPositionManager contract, at line 524, there is a calculation error in the implementation of the getTargetAmountFromOracle function. This function calculates the target amount amountB based on the prices of assets A and B obtained...
rounding error can lead to DISABLE the system
Lines of code Vulnerability details Impact In RNGAuction.sol, openSequenceId if the difference between currentTime and sequenceOffset is less than the sequencePeriod, it will round to zero leading to all functions depending on its value to return false like canStartNextSequence, or even revert in...
PRBMATH SD59x18.exp() reverts on hugely negative numbers.
Lines of code Vulnerability details Impact ContinuousGDA.sol inherits a version of PRB Math that contains a vulnerability in the SD59x18.exp function, which can be reverted on hugely negative numbers. SD59x18.exp is used for calculations in ContinuousGDA.solpurchasePrice ,...
Rank Math SEO < 1.0.119.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-32600
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions...
CVE-2023-32600
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions...
Cross site scripting
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions...
WordPress plugin Rank Math SEO cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-32600 WordPress Rank Math SEO Plugin <= 1.0.119 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions...
CVE-2023-32600
CVE-2023-32600 is a stored XSS vulnerability in WordPress Rank Math SEO plugin versions <= 1.0.119. The vulnerability affects the plugin’s handling of input in a way that could allow an attacker with Contributor-level privileges and user interaction to induce script execution (per CVSS vector:...
PYSEC-2023-138
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt...
PYSEC-2023-138
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt...
LangChain Code Injection Vulnerability
LangChain is used to build applications using LLM through composability. A code injection vulnerability exists in Harrison Chase langchain version v.0.0.194, which stems from an arbitrary code execution vulnerability in frommathpromptllm.run...
PT-2023-23904 · WordPress · Rank Math Seo
Name of the Vulnerable Software and Affected Versions: Rank Math SEO plugin versions prior to 1.0.120 Description: A Stored Cross-Site Scripting XSS vulnerability has been identified, posing a severe security risk. This issue affects over two million websites, exposing them to potential...