Lucene search
K

6 matches found

Snyk
Snyk
added 2025/11/24 4:24 p.m.1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.15 views

User able to steal all votes escrowed in LockingVault due to downcasting

Lines of code Vulnerability details Even though the LockingVault is considered out of scope, it contains very serious vulnerability allowing anyone to steal ALL Arcade voting tokens. The vulnerability is possible due to downcasting amount to withdraw to uint96. In case that the amount of tokens...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/21 12:0 a.m.7 views

first user can steal everyone else's tokens

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. A user who joins the systems first stakes first can steal everybody's tokens by sending tokens to the system externally. This attack is possible because you enable staking a small amount of tokens. Proo...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/12 12:0 a.m.15 views

Re-entrancy in _createDeposit allows stealing tokens

Handle cmichel Vulnerability details The Vault.createDeposit function first caches the current total shares and underlying, and then iterates over all claims using a call to createClaim. Only afterwards, does it pull in the required total amount in the deposit. function depositDepositParams...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2017/02/17 4:58 p.m.26 views

Slack: Stealing xoxs-tokens using weak postMessage / call-popup redirect to current team domain

@fransrosen discovered a vulnerability which would allow an attacker running a malicious site to steal XOXS tokens. We resolved the postMessage and call-popup redirect issues, and performed a thorough investigation to confirm that this had never been exploited. Thanks @fransrosen for an interesti...

1.3AI score
Exploits0
Rows per page
Query Builder