Lucene search
K

22 matches found

OSV
OSV
added 2026/07/02 12:0 a.m.4 views

UBUNTU-CVE-2026-53327

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Do not fillpool if piblockedon On RT enabled kernels, fillpool ends up calling rtlocklock, which asserts if current::piblockedon is set, because a task can obviously only block on one lock as otherwise the priority...

5.7AI score0.00172EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/01 1:32 p.m.32 views

CVE-2026-53327 debugobjects: Do not fill_pool() if pi_blocked_on

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Do not fillpool if piblockedon On RT enabled kernels, fillpool ends up calling rtlocklock, which asserts if current::piblockedon is set, because a task can obviously only block on one lock as otherwise the priority...

0.00172EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: tipc: Fixed a use-after-free in tipcmonreinitself. syzbot reported a use-after-free of tipcnetnet-monitors in tipcmonreinitself. The array is protected by RTNL, but tipcmonreinitself iterates over it without using RTNL...

6.4AI score0.00189EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:41 p.m.12 views

EUVD-2026-35152

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix RTNL assertion warning when remove module For the copper NIC with external PHY, the driver called phylinkconnectphy during probe and phylinkdisconnectphy during remove. It caused an RTNL assertion warning in...

5.4AI score0.00168EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/03/05 3:4 p.m.151 views

poc-step-finance-2026

Step Finance Stake Authority Compromise — PoC Educational...

5.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2025/12/08 12:23 a.m.10 views

SUSE CVE-2025-40280

In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipcmonreinitself. syzbot reported use-after-free of tipcnetnet-monitors in tipcmonreinitself. 0 The array is protected by RTNL, but tipcmonreinitself iterates over it without RTNL. tipcmonreinitself i...

7CVSS6.5AI score0.00189EPSS
Exploits0References28
OSV
OSV
added 2025/12/06 9:51 p.m.11 views

CVE-2025-40280 tipc: Fix use-after-free in tipc_mon_reinit_self().

In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipcmonreinitself. syzbot reported use-after-free of tipcnetnet-monitors in tipcmonreinitself. 0 The array is protected by RTNL, but tipcmonreinitself iterates over it without RTNL. tipcmonreinitself i...

6.4AI score0.00189EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.13 views

PT-2025-49381

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a use-after-free flaw within the TIPC Transparent Inter-Process Communication networking module, specifically in the tipc mon reinit self function. This issue w...

6CVSS6AI score0.00189EPSS
Exploits0
Code423n4
Code423n4
added 2024/01/08 12:0 a.m.18 views

griefer can create maximum length time locks for other users with only dust

Lines of code Vulnerability details Description veOLAS is the voting token for the OLAS protocol. It functions like the curve.fi voting token in that a user gets more votes the longer they lock their tokens. A user can create a lock for themselves or have another user create a lock for them, usin...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/09/14 12:0 a.m.9 views

Rouge ward can remove auth permission from other wards and then remove themselves

Lines of code Vulnerability details In a protocol, the deny function is used to remove the ward permissions from an address. This is actually a serious thing to consider that can actually occur, if a ward contract or account is obtained and other wards are not aware, the rogue ward can actually...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.6 views

Fixed locking period of 5 years doesn't allow the delegator to withdraw funds for atleast another 5 years

Lines of code Vulnerability details Details Let's first understand how the process of delegation, withdraw and increaseAmount works 1. Rule 1: To delegate to some user A, A.lock.end needs to be longer than msg.sender.lock.end and A.Lock.end block.timestampLock mustn't be expired...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.11 views

executeTransaction function allows executing a queued transaction.

Lines of code Vulnerability details Impact The executeTransaction function allows executing a queued transaction. It requires the caller to be the admin, verifies the transaction's queue status and time lock, and executes the transaction. The use of target.call this can be exploit it by an attack...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/08 12:0 a.m.13 views

Mitigation of M-08: Issue NOT mitigated

Mitigated issue M-08: Possible DoS on unstake The issue is that a potential time-lock in Rocket Pool may cause RocketTokenRETHInterfacerethAddress.burnamount to revert, which prevents frequent withdrawals and unstakes. Mitigation review Reth.withdraw still calls...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/25 12:0 a.m.12 views

Upgraded Q -> M from #313 [1674663275698]

Judge has assessed an item in Issue 313 as M risk. The relevant finding follows: L-07 centralization risks The owner address of PoolAddressesProvider contract has control over many dangerous functions. Such as: setAddressAsProxy, setPoolConfiguratorImpl and updatePoolImpl which are responsable fo...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.8 views

Compromised admin can instantly take all NFTs held in NToken contracts

Lines of code Vulnerability details Description executeAirdrop is a function admin may call in order to collect airdrops for NFTs held in ParaSpace's nToken contract. function executeAirdrop address airdropContract, bytes calldata airdropParams external override onlyPoolAdmin require...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.10 views

Owner can use changeTimewindow() in VaultFactory and deny other from depositing into the Vaults (As this parameter used in epoch start Time detection). owner can use this for his/her benefits when he sees there is an good opportunity. changing this parameters should be with time-lock mechanism

Lines of code Vulnerability details Impact Owner can control timewindow of a Vault and epoch and by that he can control deposits of others and owner can deny other from depositing into a Vault by increasing timewindow as if he saw any profit by that. changing this type of parameters should be don...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/12 12:0 a.m.11 views

There is no time lock mechanism in RariMerkleRedeemer and constructor of RariMerkleRedeemer contract don't check for maximum value for cTokenExchangeRates, if high value have been set by mistake then attacker can withdraw most of baseToken balance of contract immediately

Lines of code Vulnerability details Impact Exchange rates are used to calculate baseToken amounts that are going to be transferred to the user, if exchange rates are set as a very high number by mistake, an attacker can withdraw baseToken balance of the contract. there should be some checks in th...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/15 12:0 a.m.11 views

C4-004 : Centralization Risk

112 comment Warden: defsec Impact - LOW The system is heavily relies on the ExecutorManager. Therefore, It contains centralization risk If the execution manager is EOA and captured. Proof of Concept 1. Navigate to the following contract...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/02/17 12:0 a.m.17 views

Manipulations of setFee

Lines of code Vulnerability details Impact If we consider that the fee variable is meaningfully applied, there will still be several problems with this: 1. Admin can setFee up to 100%. This is bad for users, fees should have a reasonable upper limit, e.g. 30% to prevent potential griefing. 2...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/06/30 12:0 a.m.11 views

Malicious owner can arbitrarily change fee to any % value

Handle 0xRajeev Vulnerability details Impact Tracer protocol like any other allows market creators to charge fees for trades. However, a malicious/greedy owner can arbitrarily change fee to any % value and without an event to observe this change or a timelock to react, there is no easy way for...

6.8AI score
Exploits0
Rows per page
Query Builder