24 matches found
CVE-2026-40964
Cloud Foundry Foundation reports an Authentication Bypass in cf-auth-proxy that permits an unauthenticated remote attacker to read all logs and metrics for all apps and platform components by minting a JWT accepted as a valid logs.admin token. Affected: log-cache_release up to v3.2.6 (inclusive);...
Malicious Package
Overview chai-as-minted is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in chai-as-minted (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24d83ed5082a6682efba4b40e072e84fb1f7c6aa0dbf8ecd56a62c8d485e058e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5106 Malicious code in chai-as-minted (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24d83ed5082a6682efba4b40e072e84fb1f7c6aa0dbf8ecd56a62c8d485e058e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Insufficient Granularity of Access Control
Overview @paperclipai/ui is a Prebuilt Paperclip board UI assets. Affected versions of this package are vulnerable to Insufficient Granularity of Access Control inadequate authorization checks in the POST /api/agents/:id/keys, GET /api/agents/:id/keys, and DELETE /api/agents/:id/keys/:keyId route...
EUVD-2018-5078
Malware in sbrugna...
CVE-2018-13131
SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner...
Some buyers wont get expected tokens minted due to precision loss
Lines of code Vulnerability details Impact The ERC20TokenEmitter.buyToken mints tokens according to the configured bps per address. This is due to the below code's implementation in buyToken function. for uint256 i = 0; i 0 // transfer tokens to address mintaddressesi, uint256totalTokensForBuyers...
Users of ReraiseCrowdfund will potentially not receive appropriate voting power
Lines of code Vulnerability details Bug Description The recent code update introduces the functionality for authorities to reduce the total voting power by invoking the decreaseTotalVotingPower function of the party. However, this functionality can lead to issues when used in the time frame after...
Inflation attack in VotiumStrategy
Lines of code Vulnerability details Summary The VotiumStrategy contract is susceptible to the Inflation Attack, in which the first depositor can be front-runned by an attacker to steal their deposit. Impact Both AfEth and VotiumStrategy acts as vaults: accounts deposit some tokens and get back...
BYTES2.getReward: no check for input
Lines of code Vulnerability details Impact the function getReward should validate that to is not an empty address 0x0 to prevent accidental loss of BYTES. Impact: mint reward BYTES to address0 will be lost Proof of Concept function getReward address to external uint256 reward, uint256 daoCommisio...
Incorrect totalSupply() function design
Lines of code Vulnerability details Impact In ERC1155Enumerable.solL36-L37 line, totalsuppyl of ERC1155 is calculated packages/v2-token/src/base/ERC1155Enumerable.sol: 34 35: /// @inheritdoc IERC1155Enumerable 36: function totalSupply public view override returns uint256 37: return...
first depositor can drain other depositors
Lines of code Vulnerability details in deposit, when the ratio totalSupply / balance is very high, the amount of the minted shares can round down to zero. Proof of Concept Alice is the first one to deposit in LiquidityPool. she deposits 1 basic unit of the token, therefore minting one lp token...
first depositor of the insurance fund can drain the other depositors
Lines of code Vulnerability details in deposit, when the ratio totalSupply / balance is very high, the amount of the minted shares can round down to zero. Proof of Concept Alice is the first one to deposit to the insurance fund. she deposits 1 basic unit of vusd 10-6 dollar, therefore minting one...
Creator of pie can mint any amount of _initialSupply, and drain underlying tokens via exitPool
Handle hubble Vulnerability details Impact The Creator of pie or msg.sender of bakePie in PieFactoryContract, can set any high value of initialSupply and get the ERC20 tokens minted. There is no relation to the intialSupply and the amount of underlying Tokens added to the Pie during the bakePie...
Basket's max cap can be surpassed due to beneficiary entry fee
Handle kenzo Vulnerability details When joining a basket, the function verifies that the total supply + tokens the user asks to mint is smaller than the basket's max supply. However, this doesn't take into account the fact that additional tokens will be minted if there's an entry fee beneficiary...
GHSA-WMPV-C2JP-J2XG ERC1155Supply vulnerability in OpenZeppelin Contracts
When ERC1155 tokens are minted, a callback is invoked on the receiver of those tokens, as required by the spec. When including the ERC1155Supply extension, total supply is not updated until after the callback, thus during the callback the reported total supply is lower than the real number of...
Synth tokens can get over-minted
Handle WatchPug Vulnerability details Per the document: It also is capable of using liquidity units as collateral for synthetic assets, of which it will always have guaranteed redemption liquidity for. However, in the current implementation, Synth tokens are minted based on the calculation result...
FSDVesting.updateVestedTokens doesn't have any control modifiers and anyone can increase vested amount for a beneficiary
Handle hyh Vulnerability details Impact In current implementation all vesting beneficiaries can increase their vested amounts unlimitedly by calling updateVestedTokensmyfsdvestingaddress, anyamounttobeaddedtovesting. Beneficiary can then surpass vesting schedule by calling claimVestedTokens It wi...
initializeMarket uses wrong market index for synthetic
Handle cmichel Vulnerability details The LongShort.initializeMarket function accepts a marketIndex parameter to identify which market should be initialized. However, this index is not used everywhere, when calling IStakerstaker.addNewStakingFund the latestMarket variable is used. In the...