User able to steal all votes escrowed in LockingVault due to downcasting

Lines of code Vulnerability details Even though the LockingVault is considered out of scope, it contains very serious vulnerability allowing anyone to steal ALL Arcade voting tokens. The vulnerability is possible due to downcasting amount to withdraw to uint96. In case that the amount of tokens...

math.ttu.edu Improper Access Control vulnerability OBB-3530150

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

VulnCheck KEV: CVE-2020-11514

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint...

WordPress Easy Math Captcha for CF7 Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Easy Math Captcha for CF7 Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c64d705fa07e Credits Rafie Muhammad Patchstac...

WordPress Rank Math SEO Plugin <= 1.0.119 is vulnerable to Cross Site Scripting (XSS)

Software Rank Math SEO Type Plugin Vulnerable versions = 1.0.119 Fixed in 1.0.119.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32600 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fbe17eef0220 Credits Rafie Muhammad...

Malicious user can steal other user's deposits from Vault.sol

Lines of code Vulnerability details Impact When the Vault.withdraw function is called, a maximum of typeuint96.max shares are being burnt subsequently: Vault.withdraw- Vault.withdraw- Vault.burn burns uint96shares, see Vault.sol line 1139. A malicious user can exploit this in the following way: 1...

dynamicQuorumVotes calculation has accuracy error resulting in the less required quorum

Lines of code Vulnerability details Impact dynamicQuorumVotes is divided by totalSupply, multiplied by quorumCoefficient, divided by 1e6 and then multiplied by totalSupply. There are precision errors in division before multiply. For quorumAdjustmentBPS, the division precision error is 1 and...

Well.sol#removeLiquidityImbalanced - Handling Excess Reserves in removeLiquidityImbalanced Function to Prevent Unnecessary Reverts

Lines of code Vulnerability details Impact The removeLiquidityImbalanced function in the Well.sol contract is vulnerable to a potential underflow. This could disrupt the contract's functionality and prevent users from removing liquidity in an imbalanced manner. Furthermore, the function does not...

Possible Issues Related to Well Initial State

Lines of code Vulnerability details Description && Impact After creating the Well contract, there will be no reserves in the initial state. Therefore it could lead to the following possible issues and the attackers can take advantage of them through front running. 1. Price manipulation attacks Wh...

First liquidity provider can break minting of shares

Lines of code Vulnerability details Impact The attack vector and impact is that users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”. Proof of Concept The attack vector and impact is that users may not receive shares...

golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString

A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system...

A minimum of 1/3 of total esLBR supply required for the proposal to pass

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. If a quorum is set too high, the minimum number of cast voted required for a proposal to be successful would be harder to reach. Proof of Concept Provide direct links to all referenced code in GitHub. A...

Wrong proposalThreshold amount in LybraGovernance.sol

Lines of code Vulnerability details Impact The proposal can be created with only 100000 esLBR delegated instead of 10000000. Proof of Concept According to LybraV2Docs, a proposal can only be created if the sender has at least 10 million esLBR tokens delegated to his address to meet the proposal...

Wrong validation when setting BadCollateralRatio

Lines of code Vulnerability details Impact Setting of BadCollateralRatio has a slight bug //@audit-issue bug here, should be - 1e19 function setBadCollateralRatioaddress pool, uint256 newRatio external onlyRoleDAO requirenewRatio = 130 1e18 && newRatio = 160 1e18, "eUSD vault safe...

The initial total supply of the role can be miscalculated in some cases

Lines of code Vulnerability details Impact Due to miscalculations during LlamaPolicy contract deployment the initial supply of the role can be set wrongly. And most of strategies will not work as intended. Moreover users will not be able to start an Action for some strategies as well. Proof of...

CVE-2023-32800

Unauth. Reflected Cross-Site Scripting XSS vulnerability in One Rank Math SEO PRO plugin = 3.0.35 versions...

CVE-2023-32800

Unauth. Reflected Cross-Site Scripting XSS vulnerability in One Rank Math SEO PRO plugin = 3.0.35 versions...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in One Rank Math SEO PRO plugin = 3.0.35 versions...

CVE-2023-32800 WordPress Rank Math SEO PRO Plugin <= 3.0.35 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in One Rank Math SEO PRO plugin = 3.0.35 versions...

CVE-2023-32800 WordPress Rank Math SEO PRO Plugin <= 3.0.35 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in One Rank Math SEO PRO plugin = 3.0.35 versions...