Lucene search
K

24 matches found

CVE
CVE
added 2026/06/01 9:2 p.m.25 views

CVE-2026-40964

Cloud Foundry Foundation reports an Authentication Bypass in cf-auth-proxy that permits an unauthenticated remote attacker to read all logs and metrics for all apps and platform components by minting a JWT accepted as a valid logs.admin token. Affected: log-cache_release up to v3.2.6 (inclusive);...

7.5CVSS5.8AI score0.00393EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/01 9:7 a.m.11 views

Malicious Package

Overview chai-as-minted is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 9:7 a.m.15 views

Malicious code in chai-as-minted (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24d83ed5082a6682efba4b40e072e84fb1f7c6aa0dbf8ecd56a62c8d485e058e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/01 9:7 a.m.15 views

MAL-2026-5106 Malicious code in chai-as-minted (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24d83ed5082a6682efba4b40e072e84fb1f7c6aa0dbf8ecd56a62c8d485e058e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/04/16 10:48 p.m.11 views

Insufficient Granularity of Access Control

Overview @paperclipai/ui is a Prebuilt Paperclip board UI assets. Affected versions of this package are vulnerable to Insufficient Granularity of Access Control inadequate authorization checks in the POST /api/agents/:id/keys, GET /api/agents/:id/keys, and DELETE /api/agents/:id/keys/:keyId route...

8.5CVSS5.8AI score
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-5078

Malware in sbrugna...

7.5CVSS7.6AI score0.00923EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 2:58 a.m.6 views

CVE-2018-13131

SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner...

7.5CVSS7.2AI score0.01024EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.11 views

Some buyers wont get expected tokens minted due to precision loss

Lines of code Vulnerability details Impact The ERC20TokenEmitter.buyToken mints tokens according to the configured bps per address. This is due to the below code's implementation in buyToken function. for uint256 i = 0; i 0 // transfer tokens to address mintaddressesi, uint256totalTokensForBuyers...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/11/10 12:0 a.m.14 views

Users of ReraiseCrowdfund will potentially not receive appropriate voting power

Lines of code Vulnerability details Bug Description The recent code update introduces the functionality for authorities to reduce the total voting power by invoking the decreaseTotalVotingPower function of the party. However, this functionality can lead to issues when used in the time frame after...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.13 views

Inflation attack in VotiumStrategy

Lines of code Vulnerability details Summary The VotiumStrategy contract is susceptible to the Inflation Attack, in which the first depositor can be front-runned by an attacker to steal their deposit. Impact Both AfEth and VotiumStrategy acts as vaults: accounts deposit some tokens and get back...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/15 12:0 a.m.11 views

BYTES2.getReward: no check for input

Lines of code Vulnerability details Impact the function getReward should validate that to is not an empty address 0x0 to prevent accidental loss of BYTES. Impact: mint reward BYTES to address0 will be lost Proof of Concept function getReward address to external uint256 reward, uint256 daoCommisio...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/01/27 12:0 a.m.18 views

Incorrect totalSupply() function design

Lines of code Vulnerability details Impact In ERC1155Enumerable.solL36-L37 line, totalsuppyl of ERC1155 is calculated packages/v2-token/src/base/ERC1155Enumerable.sol: 34 35: /// @inheritdoc IERC1155Enumerable 36: function totalSupply public view override returns uint256 37: return...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/27 12:0 a.m.10 views

first depositor can drain other depositors

Lines of code Vulnerability details in deposit, when the ratio totalSupply / balance is very high, the amount of the minted shares can round down to zero. Proof of Concept Alice is the first one to deposit in LiquidityPool. she deposits 1 basic unit of the token, therefore minting one lp token...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/23 12:0 a.m.6 views

first depositor of the insurance fund can drain the other depositors

Lines of code Vulnerability details in deposit, when the ratio totalSupply / balance is very high, the amount of the minted shares can round down to zero. Proof of Concept Alice is the first one to deposit to the insurance fund. she deposits 1 basic unit of vusd 10-6 dollar, therefore minting one...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/12/19 12:0 a.m.5 views

Creator of pie can mint any amount of _initialSupply, and drain underlying tokens via exitPool

Handle hubble Vulnerability details Impact The Creator of pie or msg.sender of bakePie in PieFactoryContract, can set any high value of initialSupply and get the ERC20 tokens minted. There is no relation to the intialSupply and the amount of underlying Tokens added to the Pie during the bakePie...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/19 12:0 a.m.12 views

Basket's max cap can be surpassed due to beneficiary entry fee

Handle kenzo Vulnerability details When joining a basket, the function verifies that the total supply + tokens the user asks to mint is smaller than the basket's max supply. However, this doesn't take into account the fact that additional tokens will be minted if there's an entry fee beneficiary...

6.9AI score
Exploits0
OSV
OSV
added 2021/11/15 11:28 p.m.57 views

GHSA-WMPV-C2JP-J2XG ERC1155Supply vulnerability in OpenZeppelin Contracts

When ERC1155 tokens are minted, a callback is invoked on the receiver of those tokens, as required by the spec. When including the ERC1155Supply extension, total supply is not updated until after the callback, thus during the callback the reported total supply is lower than the real number of...

6.9AI score
Exploits0References2
Code423n4
Code423n4
added 2021/11/15 12:0 a.m.9 views

Synth tokens can get over-minted

Handle WatchPug Vulnerability details Per the document: It also is capable of using liquidity units as collateral for synthetic assets, of which it will always have guaranteed redemption liquidity for. However, in the current implementation, Synth tokens are minted based on the calculation result...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/11 12:0 a.m.10 views

FSDVesting.updateVestedTokens doesn't have any control modifiers and anyone can increase vested amount for a beneficiary

Handle hyh Vulnerability details Impact In current implementation all vesting beneficiaries can increase their vested amounts unlimitedly by calling updateVestedTokensmyfsdvestingaddress, anyamounttobeaddedtovesting. Beneficiary can then surpass vesting schedule by calling claimVestedTokens It wi...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/08/11 12:0 a.m.15 views

initializeMarket uses wrong market index for synthetic

Handle cmichel Vulnerability details The LongShort.initializeMarket function accepts a marketIndex parameter to identify which market should be initialized. However, this index is not used everywhere, when calling IStakerstaker.addNewStakingFund the latestMarket variable is used. In the...

6.9AI score
Exploits0
Rows per page
Query Builder