5 matches found

Vulnrichment • added 2026/03/30 1:24 a.m.

CVE-2026-3124 Download Monitor <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id'

The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to complete arbitrary...

CVSS 7.5 • AI score 6 • EPSS 0.00269
Exploits 0 • References 2
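The bug class in this entry, an order-completion endpoint that trusts a client-supplied `token` and `order_id` pair without checking that the token was issued for that order, is illustrated below in a constructed Python example. This is added illustration, not the Download Monitor plugin's code: the function and store names, the HMAC-based token scheme and the order data are assumptions chosen to show the missing check and its fix side by side.

```python
import hashlib
import hmac

# Constructed per-site secret and order store for this illustration; not plugin data.
SITE_SECRET = b"constructed-per-site-secret"


def new_order_store() -> dict:
    return {
        "1001": {"owner": "attacker", "status": "pending"},
        "1002": {"owner": "victim", "status": "pending"},
    }


def issue_order_token(order_id: str) -> str:
    """Token a customer receives for their own order: an HMAC over the order id,
    so the server can later recompute it instead of trusting the client."""
    return hmac.new(SITE_SECRET, order_id.encode(), hashlib.sha256).hexdigest()


def execute_payment_vulnerable(orders: dict, order_id: str, token: str) -> str:
    """Bug class from the advisory: 'token' is only checked for shape, never for
    belonging to 'order_id', so any customer's token completes any order id."""
    order = orders.get(order_id)
    if order is None or not token or len(token) != 64:
        return "rejected"
    order["status"] = "completed"
    return "completed"


def execute_payment_fixed(orders: dict, order_id: str, token: str) -> str:
    """Recompute the token for this order id and compare in constant time; also
    refuse to complete an order that is no longer pending."""
    order = orders.get(order_id)
    if order is None or order["status"] != "pending":
        return "rejected"
    expected = issue_order_token(order_id).encode()
    if not hmac.compare_digest(expected, str(token).encode()):
        return "rejected"
    order["status"] = "completed"
    return "completed"


def demo() -> dict:
    """Attacker holds a valid token for their own order 1001 and submits it with
    the victim's order id 1002. Dict entries are evaluated top to bottom."""
    attacker_token = issue_order_token("1001")
    vulnerable = new_order_store()
    fixed = new_order_store()
    return {
        "vulnerable_cross_order": execute_payment_vulnerable(vulnerable, "1002", attacker_token),
        "fixed_cross_order": execute_payment_fixed(fixed, "1002", attacker_token),
        "fixed_own_order": execute_payment_fixed(fixed, "1001", attacker_token),
        "fixed_repeat": execute_payment_fixed(fixed, "1001", attacker_token),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The point of the fixed version is that the server derives the expected token from `order_id` itself, so the two client-supplied values can no longer be mixed and matched; a real implementation would additionally tie the token to the paying account or session and expire it.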
Snyk • added 2026/03/29 3:11 p.m.

Replay Attack

Overview: mppx is a /picture. Affected versions of this package are vulnerable to Replay Attack via the stripe/charge file. An attacker can consume unlimited resources by replaying a valid credential containing the same spt token against a new challenge, causing the server to accept the replayed...

CVSS 8.1 • AI score 5.9 • EPSS 0.00494
Exploits 0 • References 2
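The failure mode described in this entry, a server that accepts a previously valid credential again when presented against a fresh challenge, is shown below in a constructed Python challenge-response exchange. This is added illustration and not mppx code: the credential layout, the shared-secret MAC, the `spt-token-constructed` value and the verifier class names are all assumptions; the example contrasts a verifier that checks the MAC over whatever challenge the client echoes with one that only accepts a challenge it issued and consumes it on first use.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for the demonstration; an assumption, not a value from the advisory.
SHARED_SECRET = b"constructed-shared-secret"


def make_credential(token: str, challenge: bytes) -> dict:
    """Client side: the credential carries the token, the challenge it answers and
    a MAC over both. This is the value an attacker would capture and replay."""
    mac = hmac.new(SHARED_SECRET, token.encode() + challenge, hashlib.sha256).hexdigest()
    return {"token": token, "challenge": challenge.hex(), "mac": mac}


def _expected_mac(cred: dict) -> str:
    return hmac.new(
        SHARED_SECRET,
        cred["token"].encode() + bytes.fromhex(cred["challenge"]),
        hashlib.sha256,
    ).hexdigest()


class VulnerableVerifier:
    """Checks that the MAC is valid for whatever challenge the client echoes back,
    never that it answers the challenge this server just issued. A captured
    credential therefore stays valid against every later challenge."""

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def verify(self, cred: dict) -> bool:
        return hmac.compare_digest(_expected_mac(cred), cred["mac"])


class FixedVerifier:
    """Binds verification to a challenge the server actually issued and consumes
    that challenge before checking the MAC, so each credential works at most once."""

    def __init__(self) -> None:
        self._outstanding: set = set()

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._outstanding.add(challenge)
        return challenge

    def verify(self, cred: dict) -> bool:
        challenge = bytes.fromhex(cred["challenge"])
        if challenge not in self._outstanding:
            return False  # unknown, expired or already consumed challenge
        self._outstanding.discard(challenge)  # single use, even if the MAC then fails
        return hmac.compare_digest(_expected_mac(cred), cred["mac"])


def run_replay(verifier, replays: int = 5) -> dict:
    """A legitimate client answers one challenge; an attacker then replays the
    captured credential against `replays` fresh challenges. Returns what was accepted."""
    captured = make_credential("spt-token-constructed", verifier.new_challenge())
    first = verifier.verify(captured)
    accepted_replays = 0
    for _ in range(replays):
        verifier.new_challenge()  # attacker requests a new challenge, then ignores it
        if verifier.verify(captured):
            accepted_replays += 1
    return {"first_use": first, "accepted_replays": accepted_replays}


if __name__ == "__main__":
    print("vulnerable:", run_replay(VulnerableVerifier()))
    print("fixed:     ", run_replay(FixedVerifier()))
```

The set of outstanding challenges is what makes the replay fail; a production verifier would also expire entries after a short window so that an attacker requesting challenges and never answering them cannot grow that set without bound.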
Code423n4 • added 2023/01/19 12:00 a.m.

commitToLien() can pass in an illegal payment token

Vulnerability details. Impact: Stealing vault assets. Proof of Concept: There are currently two ways to create new Liens in the system: 1. the user calls AstariaRouter.commitToLiens, whose internal implementation goes through VaultImplementation.commitToLien to create them; 2. the user can call...

AI score 7
Exploits 0
Code423n4 • added 2023/01/19 12:00 a.m.

ClearingHouse can pass in a malicious payment token

Vulnerability details. Impact: vault loses assets. Proof of Concept: When the auction is successful the NFT is transferred to the bidder and Seaport calls ClearingHouse.safeTransferFrom to trigger the repayment of the debt through the conduit mechanism: ClearingHouse.safeTransferFrom -...

AI score 6.7
Exploits 0
Code423n4 • added 2021/08/11 12:00 a.m.

Wrong aave usage of claimRewards

Handle: jonah1005. Vulnerability details. Impact: The Aave yield manager claims rewards with the payment token. According to Aave's documentation, the aToken should be provided, so the Aave rewards would be unclaimable. Proof of Concept: YieldManager's logic: Reference: Tools Used: None. Recommended Mitigation Steps...

AI score 7
Exploits 0