9 matches found
Beyond Code Reasoning: A Specification-Anchored Audit Framework for Expert-Augmented Security Verification
Security-critical software is routinely audited by tools that reason about vulnerabilities as repository-local code patterns. Yet specification-governed systems -- protocol stacks, consensus implementations, cryptographic libraries -- are constrained by invariants and correctness conditions defin...
EUVD-2022-25532
Malicious code in bioql PyPI...
Misunderstanding operator with from
Lines of code Vulnerability details Author: rotcivegaf Impact The owner of the ERC721 token could approve an operator to manage his tokens With the misunderstanding of operator with from in the onERC721Received function the benefits of this function goes to the operator instead of the fromowner:...
Airline Passenger Mistakes Vintage Camera for a Bomb
I feel sorry for the accused: The "security incident" that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding -- after an airline passenger mistook another traveler's camera for a bomb, sources said Sunday. American...
Compound DeFi Platform Gives Out $90M
Compound, an Ethereum-based decentralized finance (DeFi) platform, accidentally gave out $90 million to its users in a botched upgrade. Now, the owners would appreciate it if they gave it back. Compound might even be willing to throw in a 10 percent “reward,” it said. On the flip side, those who...
CVE-2020-14144
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line i...
Udemy: CSRF Token
Reporter misunderstood how CSRF validation operates and believed his steps broke it...
Keyloggers in Samsung Laptops, Officials says - Samsung laptops are in fact secure !
Keyloggers in Samsung Laptops, Officials says - Samsung laptops are in fact secure ! We'll start by saying that we've reached out to Samsung for a response here, but as of now, no reply has been given -- neither a confirmation nor a refusal of truth. Why bother mentioning that? If this here story...
Microsoft Internet Explorer/Opera - Source Code viewer Null Character Handling
Microsoft Internet Explorer/Opera - Source Code viewer Null Character Handling Exploit Title: IE/Opera source code viewer Null Character Handling Vulnerability Date: 10/04/2010 Author: Daniel Correa Software Link: http://www.microsoft.com/windows/internet-explorer/default.aspx Software Link:...