7 matches found

Code423n4
added 2023/12/13 12:0 a.m. · 12 views

Reentrancy in NextGenMinterContract.mint() allows exceeding max allowance and concurrent use of NFTs in NextGenMinterContract.burnToMint()

Lines of code Vulnerability details Impact 1. Bypassing maxAllowance in NextGenMinterContract.mint: Enables minting more NFTs than permitted. 2. Exploiting reentrancy in NextGenMinterContract.burnToMint: Allows acquiring both burnable and mintable NFTs at the same time. Proof of Concept The 1st...

AI score: 7.1 · Exploits: 0
Code423n4
added 2023/12/08 12:0 a.m. · 2 views

NextGenMinterContract::mint can be reentered for sales option 3 to mint many NFTs in a single period and bypass viewMaxAllowance for any sales option

Lines of code Vulnerability details Impact The reentrancy vulnerability in the NextGenMinterContract::mint function allows an attacker to bypass the restriction of minting only one NFT per period. The reentrancies can be achieved from the safeMint in the function NextGenCore::mintProcessing to ca...

AI score: 7.4 · Exploits: 0
Code423n4
added 2023/11/13 12:0 a.m. · 6 views

Adversary can reenter mint to bypass max allowance.

Lines of code github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/NextGenCore.solL189-L200 Vulnerability details Description MinterContract.mint calls NextGenCore.mint, which variables that accounts the amount of tokens each user minted is changed only after mintProcessing, that has a...

AI score: 7.1 · Exploits: 0
Veracode
added 2019/05/02 4:55 a.m. · 22 views

Cross-site Scripting (XSS)

cumin is vulnerable to cross-site scripting (XSS). The vulnerability exists through the Max Allowance field in the Set limit form...

CVSS: 4.3 · AI score: 5.6 · EPSS: 0.00296
Exploits: 0 · References: 10 · Affected Software: 1
Positive Technologies
added 2013/12/23 12:0 a.m. · 2 views

PT-2013-5004 · Red Hat · Red Hat Enterprise Mrg Grid

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise MRG Grid version 2.4 Description: A cross-site scripting (XSS) issue exists in the web interface for cumin, allowing remote attackers to inject arbitrary web script or HTML via the Max allowance field in the "Set limit" form...

CVSS: 4.3 · AI score: 5.4 · EPSS: 0.00296
Exploits: 0 · References: 4
RedHat Linux
added 2013/12/17 6:29 p.m. · 2 views

cumin: non-persistent XSS possible due to not escaping set limit form input

Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field in the "Set limit" form...

CVSS: 4.3 · AI score: 5.9 · EPSS: 0.00296
Exploits: 0 · References: 4
RedHat Linux
added 2013/12/17 6:28 p.m. · 1 views

cumin: non-persistent XSS possible due to not escaping set limit form input

Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field in the "Set limit" form...

CVSS: 4.3 · AI score: 5.9 · EPSS: 0.00296
Exploits: 0 · References: 4