15 matches found
CVE-2025-63562
Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary users by manipulating request parameters e.g.,...
EUVD-2018-5143
Malware in sbrugna...
Owner can steal Concur rewards
Lines of code. Vulnerability details. Impact: Owner can steal Concur rewards by adding a depositor and inflating other depositors' assigned balance of the token within the contract. Thus, the owner-managed depositor can get most all but one wei of the created tokens. Tools Used: Manual analysis...
Owner of the BasketFacet can cause DoS for exitPool(...) function
Handle: Czar102. Vulnerability details. Impact: Provided an owner can add any tokens to the basket, it may add a token, for which the owner can burn tokens from any account. Then, after adding the token to the basket, the owner may burn tokens so that token.balanceofBasketFacet will be below MINAMOUN...
Vesting benRevocable flag can be switched on and off by anyone and doesn't provide any additional control
Handle: hyh. Vulnerability details. Impact: Griefing attack is possible for revoke mechanics by calling vest with a tiny amount and zero isRevocable. This will switch revocable off for the whole vesting amount i.e. the whole set of timelocks flag is being set via last vest call. And vice versa,...
Owner can steal all Basket funds during auction
Handle: 0xsanson. Vulnerability details. Impact: The owner of Factory contract can modify the values of auctionMultiplier and auctionDecrement at any time. During an auction, these values are used to calculate newRatio and thereby tokensNeeded: specifically, it's easy to set the factory parameters so...
CVE-2018-13742
The mintToken function of a smart contract implementation for tickets TKT, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
CVE-2018-13614
The mintToken function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
CVE-2018-13518
The mintToken function of a smart contract implementation for TCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
Integer overflow
The mintToken function of a smart contract implementation for JeansToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
CVE-2018-13700
The CVE-2018-13700 issue affects IPMCoin—an Ethereum token—where the mintToken function of its smart contract contains an integer overflow. This vulnerability enables the contract owner to set any user’s balance to an arbitrary value. Documented in multiple sources (NVD/NVD entry for CVE-2018-137...
CVE-2018-13506
The mintToken function of a smart contract implementation for SDR22, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
CVE-2018-13767
The mintToken function of a smart contract implementation for Cornerstone, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
CVE-2018-13702
The mintToken function of a smart contract implementation for Essence, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
CVE-2018-13186
The mintToken function of a smart contract implementation for MMTCoin MMT, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...