Lucene search
K

8 matches found

Cvelist
Cvelist
added 2026/03/18 3:46 a.m.26 views

CVE-2026-32266 Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

6.9CVSS0.00344EPSS
Exploits0References2
Code423n4
Code423n4
added 2023/10/04 12:0 a.m.11 views

Irrevocable token holders can instantly mint a revocable token after burning and bypass the minimum XVS stake for revocable tokens

Lines of code Vulnerability details Impact When an irrevocable token is burned by the admin, the holder should go through the 90 day staking period again before accruing rewards. However, the holder can exploit the protocol to immediately begin accruing rewards after burning. Furthermore, the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.18 views

Ex-token holders are still able to cast votes on proposals under certain circumstances

Lines of code Vulnerability details When casting a vote, an address is limited to a certain amount of votes derived from ds.nouns.getPriorVotes. However, due to the nature of ds.nouns.getPriorVotes, the amount of votes available to an address solely depends on the amount of tokens they held when ...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.8 views

Token holders can create as many proposals as they want if they already have an active proposal by transferring their token to another wallet.

Lines of code Vulnerability details The propose function on NounsDAOV3Proposals.sol has a check called checkNoActivePropds, msg.sender, which exists to prevent token holders from spamming the propose function. Furthermore, the proposeOnTimelockV1 function calls propose directly, making it...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.10 views

Malicious whale of forked DAO can prevent smaller token holders from creating proposals

Lines of code Vulnerability details The proposal threshold on a forked DAO can be set all the way up to 1,000 basis points. If this were the case, only whales would be able to make proposals on the forked DAO. Impact The likelihood of this is low, because in order to set the proposalThresholdBps ...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/02/01 12:0 a.m.8 views

Multiple combinations of token0/token1 for a given liquidity exist to satisfies the custom variant of AMM pool. A naive LP or Power token holder can transfer more token0/token1 then necessary when minting & burning respectively

Lines of code Vulnerability details Impact LP's need to provide a combination of token0 / token 1 for a given liquidity that satisfied a custom variant that satisfies 2 conditions 1. scale1 = c + d where a, b, c, d are functions of token0/ token1 , liquidity and upper bound The relationship betwe...

6.7AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/07/01 5:15 p.m.8 views

CVE-2022-2228

Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling...

6.5CVSS6.6AI score0.00719EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/07/01 5:15 p.m.4 views

UBUNTU-CVE-2022-2228

Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling...

6.5CVSS5.8AI score0.00719EPSS
Exploits0References4
Rows per page
Query Builder