Lucene search

31 matches found

CVE
added 2026/04/21 5:9 p.m., 4 views

CVE-2026-40585

blueprintUE prior to 4.2.0 generates a 128-character CSPRNG reset token and stores it with a password_reset_at timestamp. The token redemption function findUserIDFromEmailAndToken() only validates email+token, not whether password_reset_at falls within any expiry window, so a generated reset toke...

CVSS 7.4, AI score 5.8, EPSS 0.00043
Exploits 0, References 1

ATTACKERKB
added 2026/04/21 5:9 p.m., 1 view

CVE-2026-40585

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a password_reset_at timestamp. However, the token redemption function findUserIDFromEmailAndToken queries only for a matching...

CVSS 7.4, AI score 5.8, EPSS 0.00043
Exploits 0, References 2, Affected Software 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2016-9863

Malware in sbrugna...

CVSS 5.9, AI score 6.4, EPSS 0.01777
Exploits 2, References 24

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-22977

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.00203
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-2365

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.4, EPSS 0.00051
Exploits 0, References 5

OSV
added 2024/09/02 4:8 p.m., 1 view

CLSA-2024-1725293298 kernel: Fix of 37 CVEs

tun: add missing verification for short frame CVE-2024-41091 - tap: add missing verification for short frame CVE-2024-41090 - drm/amd/display: Fix potential index out of bounds in color transformation function CVE-2024-38552 - net: fix __dst_negative_advice race CVE-2024-36971 - net: annotate...

CVSS 8.4, AI score 7.2, EPSS 0.00449
Exploits 2, References 1

RedHat Linux
added 2024/07/08 2:5 a.m., 2 views

kernel: netfilter: nf_tables: use timestamp to check for set element timeout

A use-after-free flaw was found in the Linux kernel’s netfilter subsystem in how a user triggers the element timeout. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVSS 7, AI score 6.8, EPSS 0.00037
Exploits 0, References 5

RedHat Linux
added 2024/07/02 9:2 a.m., 6 views

kernel: netfilter: nf_tables: use timestamp to check for set element timeout

A use-after-free flaw was found in the Linux kernel’s netfilter subsystem in how a user triggers the element timeout. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVSS 7, AI score 6.8, EPSS 0.00037
Exploits 0, References 5

Code423n4
added 2023/11/13 12:0 a.m., 5 views

Missing deadline checks

Lines of code Vulnerability details Consider adding an implementation to handle the expiration of the transaction for additional security. To implement a transaction expiration mechanism in the emergencyWithdraw add a timestamp check to ensure that the transaction is executed only within a certain...

AI score 6.9
Exploits 0

Code423n4
added 2023/11/13 12:0 a.m., 7 views

AuctionDemo::claimAuction() - L105: Logic bug in the conditional statement where the timestamp check should be > instead of >=.

Lines of code Vulnerability details Impact Would enable the winning bidder/bid to be selected WHILE it's still possible to bid higher in the auction. I.e. current comparison logic makes it possible to select auction winner while the auction isn't over yet. There's the risk of the true/valid highes...

AI score 6.9
Exploits 0

Code423n4
added 2023/11/13 12:0 a.m., 6 views

AuctionDemo::claimAuction() - L105: Logic bug in the conditional statement where the timestamp check should be > instead of >=.

Lines of code Vulnerability details Impact Would enable the winning bidder/bid to be selected WHILE it's still possible to bid higher in the auction. I.e. current comparison logic makes it possible to select auction winner while the auction isn't over yet. There's the risk of the true/valid highes...

AI score 6.9
Exploits 0

Prion
added 2023/08/23 9:15 p.m., 7 views

Cross site request forgery (csrf)

Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an...

CVSS 5, AI score 5.1, EPSS 0.00051
Exploits 0, References 3, Affected Software 1

CNNVD
added 2023/08/23 12:0 a.m., 1 view

node-saml code issue vulnerability

node-saml is a SAML library that does not depend on any framework running in Node.js. A code issue vulnerability exists in Node-SAML versions prior to 4.0.5 that stems from not checking the current timestamp, and LogoutRequest XML can be reused multiple times...

CVSS 5.3, AI score 5.7, EPSS 0.00051
Exploits 0, References 4

Code423n4
added 2023/07/31 12:0 a.m., 8 views

updatedAt TIMESTAMP IS NOT USED TO DETECT STALE ORACLE PRICES

Lines of code Vulnerability details Impact The external Chainlink oracle, which provides index price information to the system, introduces risk inherent to any dependency on third-party data sources. For example, the oracle could fall behind or otherwise fail to be maintained, resulting in outdat...

AI score 6.4
Exploits 0

Code423n4
added 2023/07/28 12:0 a.m., 8 views

ADMIN CAN CHANGE THE GSCAllowance BEFORE THE COOL DOWN PERIOD HAS PASSED

Lines of code Vulnerability details Impact The ArcadeTreasury.setGSCAllowance is used to set the GSC allowance for a token. This function is only callable by the contract admin. Even though this function is controlled by the admin, there is an additional restriction implemented, in the form of a...

AI score 6.9
Exploits 0

Tenable Nessus
added 2023/05/02 12:0 a.m., 26 views

Siemens SIMATIC NET CP 443-1 OPC UA Improper Input Validation (CVE-2016-9042)

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin...

CVSS 5.9, AI score 6.5, EPSS 0.01777
Exploits 2, References 22

Code423n4
added 2022/11/08 12:0 a.m., 5 views

Cancel auction does not get deleted leading to loss of quoteTokens

Lines of code Vulnerability details Impact A malicious seller can cancel the auction just after it has ended, receive their baseToken back and then call reveal to make bidders lose their tokens, which are sent to address(0). Since a.data.lowestQuote == type(uint128).max just before reveal call is made,...

AI score 6.8
Exploits 0

ATTACKERKB
added 2021/10/22 12:15 p.m., 1 view

CVE-2021-36357

An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp calls le32_to_cpu for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion...

CVSS 9.8, AI score 5.5, EPSS 0.00203
Exploits 0, References 2

Prion
added 2021/10/22 12:15 p.m., 9 views

Design/Logic Flaw

An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp calls le32_to_cpu for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion...

CVSS 7.5, AI score 9.3, EPSS 0.00203
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/10/22 11:14 a.m., 10 views

CVE-2021-36357

An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp calls le32_to_cpu for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion...

AI score 9.6, EPSS 0.00203
Exploits 0, References 1