Lucene search
K

32 matches found

CVE
CVE
added 2026/05/22 10:23 a.m.26 views

CVE-2026-3636

Mattermost CVE-2026-3636 affects versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, and 10.11.x

4.3CVSS5.8AI score0.00184EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/09/23 1:15 p.m.5 views

CVE-2025-10184

The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information...

8.2CVSS0.0367EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.9 views

From Permissioned to Proof-of-Stake Consensus

This paper presents the first generic compiler that transforms any permissioned consensus protocol into a proof-of-stake permissionless consensus protocol. For each of the following properties, if the initial permissioned protocol satisfies that property in the partially synchronous setting, the...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/06 12:0 a.m.5 views

Depermissioning Web3: a Permissionless Accountable RPC Protocol for Blockchain Networks

In blockchain networks, so-called "full nodes" serve data to and relay transactions from clients through an RPC interface. This serving layer enables integration of "Web3" data, stored on blockchains, with "Web2" mobile or web applications that cannot directly participate as peers in a blockchain...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:10 a.m.4 views

CVE-2023-21457

Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission...

8.1CVSS6.7AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:9 a.m.5 views

CVE-2023-21296

In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

5.5CVSS6.5AI score0.00096EPSS
Exploits0References1
HackRead
HackRead
added 2025/01/21 4:33 p.m.7 views

PARSIQ’s Reactive Network Provides Solution for DeFi Exchange Vulnerabilities

Over the past few years, decentralised finance DeFi has revolutionised the financial sector. DeFi introduced transparent, permissionless and…...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.10 views

Long term denial of service due to lack of fees in Well

Lines of code Vulnerability details Description The Well allows users to permissionless swap assets or add and remove liquidity. Users specify the intended slippage in swapFrom, in minAmountOut. The ConstantProduct2 implementation ensures Kend - Kstart = 0, where K = Reserve1 Reserve2, and the...

6.7AI score
Exploits0
CNNVD
CNNVD
added 2023/07/05 12:0 a.m.4 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an information disclosure vulnerability that originates from the use of an iframe with an 'about:blank' source to store data in local memory, which can be exploited by an...

6.5CVSS5.8AI score0.00575EPSS
Exploits0References6
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.17 views

PoolSelector.computePoolAllocationForDeposit could return an unfair value.

Lines of code Vulnerability details Impact When calling StaderStakePoolsManager.validatorBatchDeposit, it calls PoolSelector.computePoolAllocationForDeposit to get the validator count to deposit for the pool. It calculates the count based on the capacity and the weight of the pool. However,...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.8 views

Stader OPERATOR is single point of failure

Lines of code Vulnerability details Impact The OPERATOR role holds a lot of power within the system, which can compromise the both the system integrity and it's permission-less nature. Proof of Concept The OPERATOR key is responsible for confirming marking each validator submitted key as either...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/15 12:0 a.m.12 views

Updating a pool's total points doesn't affect existing stake positions for rewards calculation

Lines of code Vulnerability details Impact Staking rewards are calculated based on the user's share of total points in the corresponding asset pool, this is the sum of the points associated to the staker's positions divided by the total points from all positions in the pool. We can see this...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/29 12:0 a.m.18 views

Attacker can steal the NFT bought by sending it to another vault he control

Lines of code Vulnerability details Impact The mitigation of H-08 try to validate the vault returned by market with the VaultRegistry. However, it only validated if the vault exists, but not if it is the correct vault. A similar attack described in code-423n4/2022-12-tessera-findings47 can be...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/26 12:0 a.m.12 views

The transferFeesFrom function does not check if the "from" address is the actual owner of the position before transferring the fees.

Lines of code Vulnerability details Impact The code Doesn't check if the from address is the owner of the position before transferring the fees. If the from address is not the owner of the position, an attacker could potentially transfer fees from another user's position without their permission...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/25 12:0 a.m.8 views

User can redirect fees by using a proxy contract

Lines of code Vulnerability details Impact For any given tx, the fees are sent to its recipient To. Anybody can register an address using the Turnstile contract. Thus, a user is able to create a proxy contract with which they execute other smart contracts. That way, the fees are sent to their own...

7AI score
Exploits0
CNVD
CNVD
added 2022/09/30 12:0 a.m.25 views

Logic Flaw Vulnerability in TY-6201A of Sichuan Tianyi Kanghe Communication Co.

The TY-6201A is a cost-effective full-band Wi-Fi6-enabled wireless router. A logic flaw vulnerability exists in the TY-6201A of Sichuan Tianyi Kanghe Communication Company Limited, which can be exploited by an attacker to change a password without permission via a POST request for a specific path...

7AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/08/12 3:15 p.m.7 views

CVE-2022-20329

In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

7.8CVSS7.2AI score0.00093EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/05 4:15 p.m.5 views

CVE-2022-33733

Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission...

6.2CVSS5.8AI score0.00173EPSS
Exploits0References3
Code423n4
Code423n4
added 2022/06/03 12:0 a.m.12 views

Minter.sol#startInflation() can be bypassed

Lines of code Vulnerability details function startInflation external override onlyGovernance requirelastEvent == 0, "Inflation has already started."; lastEvent = block.timestamp; lastInflationDecay = block.timestamp; As lastEvent and lastInflationDecay are not initialized in the constructor, they...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/18 12:0 a.m.13 views

[WP-H3] Lack of liquidation makes it possible for alToken to be undercollateralized

Lines of code Vulnerability details function liquidate address yieldToken, uint256 shares, uint256 minimumAmountOut external override lock returns uint256 onlyWhitelisted; checkArgumentshares 0; YieldTokenParams storage yieldTokenParams = yieldTokensyieldToken; address underlyingToken =...

6.8AI score
Exploits0
Rows per page
Query Builder