32 matches found
CVE-2026-3636
Mattermost CVE-2026-3636 affects versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, and 10.11.x
CVE-2025-10184
The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information...
From Permissioned to Proof-of-Stake Consensus
This paper presents the first generic compiler that transforms any permissioned consensus protocol into a proof-of-stake permissionless consensus protocol. For each of the following properties, if the initial permissioned protocol satisfies that property in the partially synchronous setting, the...
Depermissioning Web3: a Permissionless Accountable RPC Protocol for Blockchain Networks
In blockchain networks, so-called "full nodes" serve data to and relay transactions from clients through an RPC interface. This serving layer enables integration of "Web3" data, stored on blockchains, with "Web2" mobile or web applications that cannot directly participate as peers in a blockchain...
CVE-2023-21457
Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission...
CVE-2023-21296
In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
PARSIQ’s Reactive Network Provides Solution for DeFi Exchange Vulnerabilities
Over the past few years, decentralised finance DeFi has revolutionised the financial sector. DeFi introduced transparent, permissionless and…...
Long term denial of service due to lack of fees in Well
Lines of code Vulnerability details Description The Well allows users to permissionless swap assets or add and remove liquidity. Users specify the intended slippage in swapFrom, in minAmountOut. The ConstantProduct2 implementation ensures Kend - Kstart = 0, where K = Reserve1 Reserve2, and the...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an information disclosure vulnerability that originates from the use of an iframe with an 'about:blank' source to store data in local memory, which can be exploited by an...
PoolSelector.computePoolAllocationForDeposit could return an unfair value.
Lines of code Vulnerability details Impact When calling StaderStakePoolsManager.validatorBatchDeposit, it calls PoolSelector.computePoolAllocationForDeposit to get the validator count to deposit for the pool. It calculates the count based on the capacity and the weight of the pool. However,...
Stader OPERATOR is single point of failure
Lines of code Vulnerability details Impact The OPERATOR role holds a lot of power within the system, which can compromise the both the system integrity and it's permission-less nature. Proof of Concept The OPERATOR key is responsible for confirming marking each validator submitted key as either...
Updating a pool's total points doesn't affect existing stake positions for rewards calculation
Lines of code Vulnerability details Impact Staking rewards are calculated based on the user's share of total points in the corresponding asset pool, this is the sum of the points associated to the staker's positions divided by the total points from all positions in the pool. We can see this...
Attacker can steal the NFT bought by sending it to another vault he control
Lines of code Vulnerability details Impact The mitigation of H-08 try to validate the vault returned by market with the VaultRegistry. However, it only validated if the vault exists, but not if it is the correct vault. A similar attack described in code-423n4/2022-12-tessera-findings47 can be...
The transferFeesFrom function does not check if the "from" address is the actual owner of the position before transferring the fees.
Lines of code Vulnerability details Impact The code Doesn't check if the from address is the owner of the position before transferring the fees. If the from address is not the owner of the position, an attacker could potentially transfer fees from another user's position without their permission...
User can redirect fees by using a proxy contract
Lines of code Vulnerability details Impact For any given tx, the fees are sent to its recipient To. Anybody can register an address using the Turnstile contract. Thus, a user is able to create a proxy contract with which they execute other smart contracts. That way, the fees are sent to their own...
Logic Flaw Vulnerability in TY-6201A of Sichuan Tianyi Kanghe Communication Co.
The TY-6201A is a cost-effective full-band Wi-Fi6-enabled wireless router. A logic flaw vulnerability exists in the TY-6201A of Sichuan Tianyi Kanghe Communication Company Limited, which can be exploited by an attacker to change a password without permission via a POST request for a specific path...
CVE-2022-20329
In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...
CVE-2022-33733
Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission...
Minter.sol#startInflation() can be bypassed
Lines of code Vulnerability details function startInflation external override onlyGovernance requirelastEvent == 0, "Inflation has already started."; lastEvent = block.timestamp; lastInflationDecay = block.timestamp; As lastEvent and lastInflationDecay are not initialized in the constructor, they...
[WP-H3] Lack of liquidation makes it possible for alToken to be undercollateralized
Lines of code Vulnerability details function liquidate address yieldToken, uint256 shares, uint256 minimumAmountOut external override lock returns uint256 onlyWhitelisted; checkArgumentshares 0; YieldTokenParams storage yieldTokenParams = yieldTokensyieldToken; address underlyingToken =...