50 matches found
CVE-2026-5986
A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit ha...
CVE-2026-5986 Zod jsVideoUrlParser util.js getTime redos
A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit ha...
CVE-2026-35584
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/conversationid/threadid does not require authentication and does not validate whether the given threadid belongs to the given conversationid. This allows any...
CVE-2026-35584 FreeScout has an Unauthenticated IDOR in Open Tracking Endpoint Allows Cross-Conversation Thread Manipulation and Enumeration
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/conversationid/threadid does not require authentication and does not validate whether the given threadid belongs to the given conversationid. This allows any...
PT-2026-30895
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/conversation id/thread id does not require authentication and does not validate whether the given thread id belongs to the given conversation id. This allows any...
nodejs: Nodejs filesystem permissions bypass
A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-on...
Incorrect Provision of Specified Functionality
Overview Affected versions of this package are vulnerable to Incorrect Provision of Specified Functionality due to inconsistencies between the verification of commit signatures and the derivation of block time. An attacker can disrupt consensus guarantees and manipulate block timestamps by...
UBUNTU-CVE-2025-55132
A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-only...
MiracleLinux 8 : libreoffice-6.4.7.2-10.el8.ML.1 (AXSA:2022-3720:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3720:01 advisory. libreoffice: Content Manipulation with Double Certificate Attack CVE-2021-25633 libreoffice: Timestamp Manipulation with Signature Wrapping...
Open Source Social Network 安全漏洞
Open Source Social Network OSSN is a source social network engine from the Swiss OSSN team. A security vulnerability exists in Open Source Social Network OSSN version 8.6, which stems from an incorrect manipulation of the parameter timestamp in the file /action/rtcomments/status, which could lead...
EUVD-2020-17546
Malware in sbrugna...
EUVD-2021-9354
Malicious code in bioql PyPI...
EUVD-2021-28832
Malicious code in bioql PyPI...
Timestamp Manipulation: Timestamp-Based Nakamoto-Style Blockchains Are Vulnerable
Nakamoto consensus are the most widely adopted decentralized consensus mechanism in cryptocurrency systems. Since it was proposed in 2008, many studies have focused on analyzing its security. Most of them focus on maximizing the profit of the adversary. Examples include the selfish mining attack ...
GHSA-W9MH-5X8J-9754 Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
Impact The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event they're replying to when determining whether or not to include a truncated version of the original...
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
Impact The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event they're replying to when determining whether or not to include a truncated version of the original...
the _rngCompletedAt timestamp passed to rngComplete() can be manipulated by the caller to increase their reward
Lines of code Vulnerability details Impact This will result in a larger reward fraction, allowing the caller to unfairly claim more of the rewards. Proof of Concept The rngCompletedAt timestamp is controlled by the caller. They can make auctionElapsedSeconds smaller by providing a higher...
_getNextObservationIndex() Random use of timestamp to determine the currentTime can be manipulated bacause of dangerous strict equalities
Lines of code Vulnerability details Impact The use of strict equalities can be easily manipulated by an attacker. Miners may attempt to manipulate the timestamp. Proof of Concept File: TwabLib.sol Code Link: Code: if newestObservation.timestamp == currentTime File: TwabLib.sol Code Link: Code: if...
Buffer overflow
A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order...
Timestamp manipulation affects DNSSEC records on contracts/dnssec-oracle/DNSSECImpl.sol
Lines of code Vulnerability details Impact timestamp parameter to validate DNSSEC records. The timestamp parameter is passed as an argument to the verifyRRSIG function, which is responsible for verifying that the DNSSEC record is valid at a specific point in time. If the timestamp parameter can b...