23 matches found
ALSA: ctxfi: Add fallback to default RSR for S/PDIF
...
CVE-2026-46049
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Add fallback to default RSR for S/PDIF spdif_passthru_playback_get_resources uses atc->pll_rate as the RSR for the MSR calculation loop. However, pll_rate is only updated in atc_pll_init and not in hw_pll_init, so it remains 0...
EUVD-2026-32431
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Add fallback to default RSR for S/PDIF spdif_passthru_playback_get_resources uses atc->pll_rate as the RSR for the MSR calculation loop. However, pll_rate is only updated in atc_pll_init and not in hw_pll_init, so it remains 0...
In case when not all RSR was sold on auction users can lose it
Lines of code Vulnerability details Impact In case when not all RSR was sold on auction users can lose it, if era was changed for them. Proof of Concept The purpose of StRSR stakers is to provide RSR tokens, that can back system in case if not enough collateral is present. During rebalance,...
StRSR.cancelUnstake doesn't call _payoutRewards before minting new shares
Lines of code Vulnerability details Impact StRSR.cancelUnstake doesn't call payoutRewards before minting new shares. As result this rewards will be distributed for new staker as well. Proof of Concept If user wants to cancel his withdraw, then he can call StRSR.cancelUnstake and mint new shares...
In case Distributor.setDistribution use, revenue from rToken RevenueTrader and rsr token RevenueTrader should be distributed
Lines of code Vulnerability details Impact In case Distributor.setDistribution use, revenue from rToken RevenueTrader and rsr token RevenueTrader should be distributed. Otherwise wrong distribution will be used. Proof of Concept BackingManager.forwardRevenue function sends revenue amount to the...
cancelUnstake lack payoutRewards before mint shares
Lines of code Vulnerability details cancelUnstake will cancel the withdrawal request in the queue can mint shares as the current stakeRate. But it doesn't payoutRewards before mintStakes. Therefore it will mint stRsr as a lower rate, which means it will get more rsr. Impact Withdrawers in the...
Oracle timeout at rebalance will result in a sell-off of all RSRs at 0 price
Lines of code Vulnerability details When creating the trade for rebalance, the RecollateralizationLibP1.nextTradePair uses uint192 low, uint192 high = rsrAsset.price; // UoA/tok to get the rsr sell price. And the rsr assert is a pure Assert contract, which price function will just return 0, FIXMA...
A new era might be triggered despite a significant value being held in the previous era
Lines of code Vulnerability details When RSR seizure occurs the staking and drafting rate is adjusted accordingly, if any of those rates is above some threshold then a new era begins draft or staking era accordingly, wiping out all of the holdings of the current era. The assumption is that if the...
Update now! Apple issues patches for three actively used zero-days
Apple has rolled out security updates for Safari 16.5, watchOS 9.5, tvOS 16.5, iOS 16.5, iPadOS 16.5, iOS 15.7.6, iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Ventura 13.4, and macOS Monterey 12.6.6. Among the security updates were patches for three actively exploited zero-day vulnerabilities. All...
Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users
On Monday, Apple released its first batch of Rapid Security Response (RSR) patches, iOS 16.4.1 (a), iPadOS 16.4.1 (a), and macOS 13.3.1 (a), for iPhone and iPad, and macOS devices, respectively. RSR is a new type of software patch delivered between Apple's regular, scheduled software updates. Previously,...
Unspent RSR can be stolen
Lines of code Vulnerability details Impact The BackingManager.handoutExcessAssets function sends all rsr that the BackingManager holds to the StRSR contract. This is done so that the rsr which is held by the BackingManager due to seizure from the StRSR contract can be sent back entirely to the...
StRSR: attacker can steal excess rsr that is returned after seizure
Lines of code Vulnerability details Note: This issue deals with excess rsr that was seized from stRSR but is returned again. The M-12 issue also deals with excess rsr. However M-12 deals with the fact that not all rsr is returned to stRSR, whereas this issue deals with the fact that an attacker c...
stRSR.seizeRSR() should check whether the basket of collateral is defaulted
Lines of code Vulnerability details Impact Backing Manager can seize RSR anytime and not within reason. RSR stakers will lose their funds. Proof of Concept Protocol states that staked RSR can be seized in the case of a collateral default, in a process that is entirely mechanistic based on on-chai...
RSR will stuck + Withdrawal wont work
Lines of code Vulnerability details Impact Withdrawals will not work once seizeRSR is called. Also this will cause some RSR to become unusable as shown in POC Proof of Concept 1. Let's say 3 unstakes were made for stakeRSR 20,30,40 using unstake function by User A, B, C 2. This calls the pushDraft...
user funds loss in withdraw() of StRSR because code don't revert when calculated rsrAmount is zero
Lines of code Vulnerability details Impact Function withdraw in StRSR completes an account's unstaking. but when calculated amount of RSR token is 0 code still burn user draftRSR and returns. This would cause users small amount of deposits to get burned and user won't receive any funds. as withdr...
Weak password vulnerability in the WEB management system of RSR routers of Ruijie Networks Co. (CNVD-2021-34228)
Ruijie Networks is a specialized network vendor with a full range of network equipment product lines and solutions, including switches, routers, software, security firewalls, wireless products, storage, and more. A weak password vulnerability exists in the WEB management system of RSR routers of...
Weak Password Vulnerability in RSR Router WEB Management System of Ruijie Networks Co.
Ltd. is a company mainly engaged in information system integration services; Internet virtual private network services; Internet management services and other items. A weak password vulnerability exists in the RSR router WEB management system of Ruijie Networks Co. Ltd, which can be exploited by...
Command Execution Vulnerability in the WEB Management System of Riptide RSR Routers
Ltd. is a company mainly engaged in information system integration services; Internet virtual private network services; Internet management services and other items. A command execution vulnerability exists in the WEB management system of Ruijie RSR routers. An attacker can exploit this...
Command Execution Vulnerability in RG-RSR Series Routers
Ruijie Networks Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions, including switches, routers, software, security firewalls, wireless products and storage. A command execution vulnerability exists in RG-RSR series routers, which c...