105 matches found
EUVD-2024-34282
Malicious code in bioql PyPI...
CVE-2024-11876
The Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeumopensky' shortcode in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping ...
CVE-2024-31695
A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS v2.85.4, allows attackers to bypass authentication when adding a new fingerprint...
CVE-2024-11876 Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeumopensky' shortcode in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping ...
CVE-2024-11876
CVE-2024-11876 affects the Kredeum NFTs WordPress plugin (up to version 1.6.9) via a Stored XSS in the kredeum_opensky shortcode due to insufficient input sanitization/output escaping. Exploitation requires contributor+ access; attack injects script in pages viewed by users. Connected records con...
PT-2024-17312 · WordPress · Kredeum Nfts
Name of the Vulnerable Software and Affected Versions: Kredeum NFTs versions up to, and including, 1.6.9 Description: The Kredeum NFTs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeum opensky' shortcode due to insufficient input sanitization and output...
WordPress plugin Kredeum NFTs cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Kredeum NFTs plugin <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Kredeum NFTs versions <= 1.6.9...
5 Best Crypto Marketing Agencies for Web3 Security Brands in 2024
By Uzair Amir It seems each week brings news of another attack - millions drained from DeFi protocols, NFTs swiped, and… This is a post from HackRead.com Read the original post: 5 Best Crypto Marketing Agencies for Web3 Security Brands in 2024...
GoMining Review: This Platform Makes Bitcoin Mining Possible Through NFTs
By Uzair Amir Curious to learn how GoMining is pioneering the democratization of crypto mining? Read on as we explore their approach, technicals, and how they ensure safety for their users. This is a post from HackRead.com Read the original post: GoMining Review: This Platform Makes Bitcoin Minin...
Enhancing Blockchain Randomness To Eliminate Trust Issues Once For All
By Uzair Amir Blockchains lack true randomness, hindering applications like fair games, DeFi, and NFTs. Pyth Networks "Pyth Entropy" solves this… This is a post from HackRead.com Read the original post: Enhancing Blockchain Randomness To Eliminate Trust Issues Once For All...
Interpol Nets $300 Million, Arrests 3,500 in Major Cyber Crime Bust
By Deeba Ahmed From NFTs to Sextortion: AI & Deepfakes Fuel New Scams Exposed in Interpol Cyber Sting - The global arrests were part of Interpol's operation HAECHI IV. This is a post from HackRead.com Read the original post: Interpol Nets $300 Million, Arrests 3,500 in Major Cyber Crime Bust...
3,500 Arrested in Global Operation HAECHI-IV Targeting Financial Criminals
A six-month-long international police operation codenamed HAECHI-IV has resulted in the arrests of nearly 3,500 individuals and seizures worth $300 million across 34 countries. The exercise, which took place from July through December 2023, took aim at various types of financial crimes such as...
Reentrancy in NextGenMinterContract.mint() allows exceeding max allowance and concurrent use of NFTs in NextGenMinterContract.burnToMint()
Lines of code Vulnerability details Impact 1. Bypassing maxAllowance in NextGenMinterContract.mint: Enables minting more NFTs than permitted. 2. Exploiting reentrancy in NextGenMinterContract.burnToMint: Allows acquiring both burnable and mintable NFTs at the same time. Proof of Concept The 1st...
The protocol is susceptible to reentrancy attacks.
Lines of code Vulnerability details Reentrancy is a well-known bug in smart contracts and the protocol is not handling it. The safeMint function in ERC721 makes a callback to the receiver checking if they can hold an NFT; this can be used by a receiver to take control of the execution of the call. in...
Use of transferFrom() rather than safeTransferFrom() for NFTs in will lead to the loss of NFTs
Lines of code 230, 342, 514, 536 Vulnerability details Impact The EIP-721 standard says the following about transferFrom: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING NFTS OR ELSE /// THEY MAY BE PERMANENTLY LOST /// @dev...
ETH Founder Vitalik Buterin’s X (Twitter) Hacked, $700k Stolen
By Deeba Ahmed The hacker enticed victims with a malicious link, promising free commemorative NFTs and stole all the funds once they connected their wallets. This is a post from HackRead.com Read the original post: ETH Founder Vitalik Buterins X Twitter Hacked, $700k Stolen...
Digital assets continue to be prime target for malvertisers
Cyber-criminals continue to impersonate brands via well-crafted phishing websites. We previously covered attacks on both consumers and businesses via online searches for popular brands leading to scams or malware. Digital assets such as cryptocurrencies or NFTs are highly coveted by threat actors...