173 matches found
LienToken.transferFrom: There is a possibility of malicious attack
Lines of code. Vulnerability details. Impact: Corrupts multiple key properties of the public vault, causing the vault not to function properly. Proof of Concept: When LienToken.makePayment/buyoutLien/payDebtViaClearingHouse corresponds to a PublicVault, it will make multiple changes to the vault, such as:...
PT-2023-15901 · Unknown · Abhilash1985 Predictapp
Name of the Vulnerable Software and Affected Versions: abhilash1985 PredictApp (affected versions not specified). Description: A critical issue has been found in the Cookie Handler component of abhilash1985 PredictApp, affecting the processing of the file config/initializers/new framework defaults 7...
CVE-2016-15006
A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to a predictable seed in the pseudo-random number generator (PRNG). The attack may be...
Golf may allow attacker to bypass CSRF protections due to weak PRNG
CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests...
Cross site request forgery (csrf)
CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests...
WordPress PCA Predict Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-40195
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PCA Predict plugin <= 1.0.3 at WordPress...
Cross site scripting
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PCA Predict plugin <= 1.0.3 at WordPress...
CVE-2022-40195
CVE-2022-40195 affects the WordPress PCA Predict plugin (versions <= 1.0.3). The vulnerability is an authenticated Stored XSS (admin+ level) due to insufficient sanitization/escaping of settings, enabling stored script execution. Evidence across sources confirms admin-priority access and the X...
CVE-2022-40195 WordPress PCA Predict plugin <= 1.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PCA Predict plugin <= 1.0.3 at WordPress...
WordPress plugin PCA Predict Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress PCA Predict plugin <= 1.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress PCA Predict plugin versions <= 1.0.3. Solution: Deactivate and delete. This plugin has been closed as of September 5, 2022 and is not available for download. This closure is temporary...
PCA Predict <= 1.0.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2022-35230
An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...
Insecure Cryptographic Function
ssh.net is vulnerable to Insecure Cryptographic Function. The vulnerability exists in Start function in KeyExchangeECCurve25519.cs due to the use of cryptographically insecure random number generator which allows an attacker to easily predict the generated pseudo-random values...
GHSA-JXFP-4RVQ-9H9M scikit-learn Denial of Service
svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOT...
PT-2022-17158 · Unknown · Telnetd Startup
Name of the Vulnerable Software and Affected Versions: telnetd startup daemon (affected versions not specified). Description: A null byte interaction error has been found in the telnetd startup daemon's code for constructing ephemeral passwords. This error allows an unauthenticated attacker on the...
Fortinet FortiPortal Security Feature Issue Vulnerability
Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for use by MSPs. versions, a security feature issue vulnerability exists that stems from the use o...
CVE-2021-26098
An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs...