683 matches found

OSV
added 2023/11/03 12:15 a.m. · 3 views

CVE-2023-43018

IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 2
Code423n4
added 2023/10/30 12:00 a.m. · 3 views

In for a penny, in for ten quadrillion dollars

Impact: StakedUSDeV2 can be bricked for a penny. Proof of concept: The checkMinShares requirement called after any deposit and withdrawal function checkMinShares internal view uint256 totalSupply = totalSupply; if totalSupply 0 && totalSupply MINSHARES revert...

AI score 6.9
Exploits: 0
OSV
added 2023/10/26 12:15 p.m. · 2 views

CVE-2023-30492

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin <= 2.0.0.1 versions...

CVSS 5.4 · AI score 7.3 · EPSS 0.00077
Exploits: 0 · References: 1
NVD
added 2023/10/26 12:15 p.m. · 11 views

CVE-2023-30492

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin <= 2.0.0.1 versions...

CVSS 6.5 · AI score 5.9 · EPSS 0.00077
Exploits: 0 · References: 1
Prion
added 2023/10/26 12:15 p.m. · 19 views

Cross site scripting

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin <= 2.0.0.1 versions...

CVSS 4.9 · AI score 5.2 · EPSS 0.00077
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/10/26 11:58 a.m. · 11 views

CVE-2023-30492 WordPress Minimum Purchase for WooCommerce Plugin <= 2.0.0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin <= 2.0.0.1 versions...

CVSS 6.5 · AI score 6 · EPSS 0.00077
Exploits: 0 · References: 1
Vulnrichment
added 2023/10/26 11:58 a.m. · 14 views

CVE-2023-30492 WordPress Minimum Purchase for WooCommerce Plugin <= 2.0.0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin <= 2.0.0.1 versions...

CVSS 6.5 · AI score 5.6 · EPSS 0.00077
Exploits: 0 · References: 1
CVE
added 2023/10/26 11:58 a.m. · 49 views

CVE-2023-30492

CVE-2023-30492 concerns a stored Cross-Site Scripting (XSS) in the WordPress plugin Minimum Purchase for WooCommerce (by Vark) for versions

CVSS 6.5 · AI score 5.5 · EPSS 0.00077
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2023/10/26 12:00 a.m. · 2 views

PT-2023-22728 · Woocommerce · Vark Minimum Purchase For Woocommerce

Name of the Vulnerable Software and Affected Versions: Vark Minimum Purchase for WooCommerce plugin versions <= 2.0.0.1. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. It affects users with contributor or higher permissions. The vulnerability allows for the...

CVSS 6.5 · AI score 5.7 · EPSS 0.00077
Exploits: 0 · References: 6
CNNVD
added 2023/10/26 12:00 a.m. · 1 views

WordPress Plugin Minimum Purchase for WooCommerce Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.5 · AI score 5.9 · EPSS 0.00077
Exploits: 0 · References: 2
Code423n4
added 2023/10/06 12:00 a.m. · 7 views

users will receive lesser rewards than they are supposed to.

Impact: Due to risky math being used in the contract LiquidityMining.sol, the user could lose their rewards. Proof of Concept: The calculation for user rewards in the LiquidityMining.sol Contract in multiple instances divides the rewards earned by the user with a...

AI score 6.9
Exploits: 0
Code423n4
added 2023/10/04 12:00 a.m. · 9 views

Irrevocable token holders can instantly mint a revocable token after burning and bypass the minimum XVS stake for revocable tokens

Impact: When an irrevocable token is burned by the admin, the holder should go through the 90 day staking period again before accruing rewards. However, the holder can exploit the protocol to immediately begin accruing rewards after burning. Furthermore, the...

AI score 6.9
Exploits: 0
OSV
added 2023/09/30 9:15 p.m. · 2 views

CVE-2023-43715

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "ENTRYFIRSTNAMEMINLENGTHTITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVSS 5.4 · AI score 5.9 · EPSS 0.00105
Exploits: 1 · References: 2
Github Security Blog
added 2023/09/27 3:30 p.m. · 17 views

Subrion CMS XSS in /panel/configuration/financial/

A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

CVSS 5.4 · AI score 6.2 · EPSS 0.0027
Exploits: 1 · References: 3 · Affected Software: 1
ATTACKERKB
added 2023/09/27 3:19 p.m. · 0 views

CVE-2023-43830

A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

CVSS 5.4 · AI score 6.1 · EPSS 0.0027
Exploits: 1 · References: 2
Prion
added 2023/09/27 3:19 p.m. · 19 views

Cross site scripting

A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

CVSS 4.9 · AI score 5.4 · EPSS 0.0027
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/09/27 12:00 a.m. · 11 views

CVE-2023-43830

A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

AI score 6 · EPSS 0.0027
Exploits: 1 · References: 1
Code423n4
added 2023/09/06 12:00 a.m. · 33 views

Lack of minAmount when adding liquidity into Uniswap V2 can lead to the LP getting MEVd

Impact: The amount being LPd into Uniswap can get stolen through MEV. Proof of Concept: The reLP contract re-LPs a certain amount of the tokens, that enter after a bond gets bought. The issue arises due to there not being proper minimum liquidity amounts passed wh...

AI score 7
Exploits: 0
Code423n4
added 2023/08/26 12:00 a.m. · 9 views

M-22 Unmitigated

Comments: The underlying yield vaults used by the V5 vaults usually round down shares received when depositing. As a result, if the Vault deposits to an underlying yield vault that has already issued shares, it is possible that a deposit could be rounded down to...

AI score 6.7
Exploits: 0
Vulnrichment
added 2023/08/07 5:06 a.m. · 13 views

CVE-2023-0425 Buffer overflow in global memory region

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make th...

CVSS 8.6 · AI score 7.3 · EPSS 0.00235
Exploits: 0 · References: 1