Lucene search

19 matches found

EUVD • added 2025/10/03 8:07 p.m. • 6 views

EUVD-2023-0941

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00713
Exploits: 0 | References: 5

RedhatCVE • added 2025/05/23 3:29 a.m. • 8 views

CVE-2023-26488

OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the...

CVSS 6.5 | AI score 7.1 | EPSS 0.00713
Exploits: 0 | References: 1

Code423n4 • added 2023/12/13 12:00 a.m. • 13 views

Reentrancy in NextGenMinterContract.mint() allows exceeding max allowance and concurrent use of NFTs in NextGenMinterContract.burnToMint()

Lines of code Vulnerability details Impact 1. Bypassing maxAllowance in NextGenMinterContract.mint: Enables minting more NFTs than permitted. 2. Exploiting reentrancy in NextGenMinterContract.burnToMint: Allows acquiring both burnable and mintable NFTs at the same time. Proof of Concept The 1st...

AI score 7.1
Exploits: 0

Code423n4 • added 2023/12/08 12:00 a.m. • 3 views

NextGenMinterContract::mint can be reentered for sales option 3 to mint many NFTs in a single period and bypass viewMaxAllowance for any sales option

Lines of code Vulnerability details Impact The reentrancy vulnerability in the NextGenMinterContract::mint function allows an attacker to bypass the restriction of minting only one NFT per period. The reentrancies can be achieved from the safeMint in the function NextGenCore::mintProcessing to ca...

AI score 7.4
Exploits: 0

Code423n4 • added 2023/11/17 12:00 a.m. • 10 views

Malicious shares can't be paused or stopped after creation, so users will continue use them

Lines of code Vulnerability details Impact In case if share creator is a malefactor he can try to do multiple malicious operations: Pump and Dump attack with price manipulation, artificially increase fees for NFT minting. Proof of Concept Both attacks described in my other reports and unfortunate...

AI score 7.1
Exploits: 0

Code423n4 • added 2023/11/13 12:00 a.m. • 5 views

Users get pay for multiple NFTs and only get 1 minted

Lines of code Vulnerability details Impact Users get only 1 NFT after paying for multiple or more than one Proof of Concept In MinterContract.mint users can mint more than one token and are allowed to pay for the number of tokens minted. function mint uint256 collectionID, uint256 numberOfTokens,...

AI score 7
Exploits: 0

Code423n4 • added 2023/03/18 12:00 a.m. • 5 views

Missing check for NFT contract, a bad actor can mint a PFP NFT without having a CID NFT

Lines of code Vulnerability details Impact Missing check for NFT contract, a bad actor can mint a PFP NFT without having a CID NFT. Proof of Concept The ProfilePicture.mint is used to mint a new PFP NFT. function mintaddress nftContract, uint256 nftID external uint256 tokenId = ++numMinted; if...

AI score 6.8
Exploits: 0

Vulnrichment • added 2023/03/03 9:08 p.m. • 10 views

CVE-2023-26488 OpenZeppelin Contracts contains Incorrect Calculation

OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the...

CVSS 6.5 | AI score 6.7 | EPSS 0.00713
Exploits: 0 | References: 3

Code423n4 • added 2022/12/22 12:00 a.m. • 6 views

RuniverseLandMinter._mintTokensUsingTokenId does not verify that the tokenId matches the corresponding plotSize

Lines of code Vulnerability details Impact The first eight digits of the RuniverseLand TokenID indicate the corresponding plotSize of the NFT owner can call RuniverseLandMinter.ownerMintUsingTokenId directly to mint the NFT for a specific TokenID In RuniverseLandMinter.mintTokensUsingTokenId, the...

AI score 7
Exploits: 0

Code423n4 • added 2022/11/28 12:00 a.m. • 12 views

MINTING OF NFT AT WILL

Lines of code Vulnerability details Impact register is an unrestricted public function where any new msg.sender is going to get through the modifier onlyUnregistered. With a non-zero recipient argument passed into the function, a new NFT is going to be minted to the recipient. Consequently, an...

AI score 6.7
Exploits: 0

HackRead • added 2022/11/09 1:00 p.m. • 7 views

OnePlanet Announces Support for Polygon-based Launchpad Services

By Deeba Ahmed This connectivity between the NFT launchpad and the Polygon ecosystem will allow the minting of new collections on the Polygon network. This is a post from HackRead.com Read the original post: OnePlanet Announces Support for Polygon-based Launchpad Services...

AI score 2.6
Exploits: 0

Code423n4 • added 2022/10/23 12:00 a.m. • 11 views

Beneficiary credit balance can unwillingly be used to mint low tier NFT

Lines of code Vulnerability details Impact In the function processPayment, it will use provided JBDidPayData from JBPaymentTerminal to mint to the beneficiary. The value from JBDidPayData will be sum up with previous credits balance of beneficiary. There are 2 cases that beneficiary credit balanc...

AI score 6.7
Exploits: 0

Code423n4 • added 2022/10/20 12:00 a.m. • 10 views

The tier setting parameter are unsafely downcasted from type uint256 to type uint80 / uint48 / uint40 / uint16

Lines of code Vulnerability details Impact The tier setting parameters are unsafely downcast from uint256 to uint80 / uint48 / uint16 the tier is set by owner is crucial because the parameters affect how nft is minted. the callstack is JBTiered721Delegate.solinitialize - StorerecordAddTier...

AI score 6.7
Exploits: 0

Code423n4 • added 2022/08/15 12:00 a.m. • 8 views

users could mint NFTs for free

Lines of code Vulnerability details Impact Malicious users could mint NFTs AMAP by the collection saleConfig.limitPerAccount with msg.value == 0 ETH Proof of Concept The malicious users call mintFromFixedPriceSale with 0 ETH. the only check is if msg.value mintCostand there is no check for...

AI score 6.7
Exploits: 0

Code423n4 • added 2022/07/04 12:00 a.m. • 11 views

Any one can mint penny NFT to take some advantage

Lines of code Vulnerability details Any one can mint penny NFT to take some advantage Impact Some users might be taken advantage of, for those who long call or short put the floortoken, and finally lead to loss of these users. Proof of Concept There is no control over the floortoken platform,...

AI score 6.8
Exploits: 0

Code423n4 • added 2022/05/08 12:00 a.m. • 10 views

Users will pay more than required for NFT Minting

Lines of code Vulnerability details Impact NFTs should be sold for their best price without descending into a gas race: Due to SpeedBumpPriceGate.sol function passThruGate code users will pay more than required for NFT Minting. User will pay msg.value and not the NFT "price". It is very likely th...

AI score 7
Exploits: 0

Code423n4 • added 2022/01/11 12:00 a.m. • 10 views

Both _mint and _safeMint are used to mint NFTs

Handle palina Vulnerability details Impact Both mint and safeMint functions are used to mint ERC721 NFTs in Claimers and Depositors, respectively. The usage of the mint is, however, discouraged by the used ERC721 implementation see PoC section, in favor of its safe counterpart. Proof of Concept...

AI score 6.9
Exploits: 0

Code423n4 • added 2022/01/06 12:00 a.m. • 9 views

Re-entracy leading to increasing points in undesired way

Handle hack3r-0m Vulnerability details Current state: the attacker has a few nfts minted already by locking position call lock function with very high duration and very high amount from a contract attacker has control of this contract It will pass the non-re-entrant check and call lock function...

AI score 6.8
Exploits: 0

Code423n4 • added 2022/01/05 12:00 a.m. • 10 views

merge is loss of all assets

Handle danb Vulnerability details merge function mints nft, but doesn't add it to positionOf, which makes it worthless, in addition it burns all the nfts of the user which means they lost all assets. --- The text was updated successfully, but these errors were encountered: All reactions...

AI score 6.9
Exploits: 0