
6 matches found

Positive Technologies
•added 3 days ago•7 views

PT-2026-47084

Summary Two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid access token, refresh token pair, breaking the single-use guarantee that PKCE relies on. Details The token-exchange flow read is used and called markAsUsed as an unconditional...

CVSS: 6.3, AI score: 5.6
Exploits: 0, References: 4
Code423n4
•added 2023/08/28 12:0 a.m.•10 views

Loss of precision due to division occurring before multiplication across multiple statements leads to lesser number of receiving tokens

Lines of code Vulnerability details Impact Swaps and Deposits work with two tokens X and Y. The computed amount of tokens on the receiving end decrease due to this multi-statement loss of precision occurring due to division before multiplication. Note: This finding is different from the L-06 bot...

AI score: 6.7
Exploits: 0
Code423n4
•added 2023/06/23 12:0 a.m.•6 views

Token pairs that are not whitelisted can be created as a pool

Lines of code Vulnerability details Class Medium Impact In the docs: Only token pairs on the whitelist can be created as a pool. Pool creation fails if the token pair is not on the whitelist. However, there is no logic that prevents from creating non-whitelisted pairs. The check is only happening...

AI score: 6.5
Exploits: 0
Code423n4
•added 2023/05/15 12:0 a.m.•9 views

Precision differences when calculating the _startAuction of funds accumulated in RiskFund

Lines of code Vulnerability details Impact When calculating startAuction uint256 usdValue in RiskFund, Auction state divides the value of each market in the vToken list in token list precision. This skew is fine for most tokens but will cause problems with certain token pairs. Proof of Concept Wh...

AI score: 6.6
Exploits: 0
Code423n4
•added 2021/12/23 12:0 a.m.•12 views

totalLiquidityWeight Is Updated When Adding New Token Pairs Which Skews Price Data For getVaderPrice and getUSDVPrice

Handle leastwood Vulnerability details Impact The addVaderPair function is called by the onlyOwner role. The relevant data in the twapData mapping is set by querying the respective liquidity pool and Chainlink oracle. totalLiquidityWeight for the VADER path is also incremented by the...

AI score: 6.9
Exploits: 0
Code423n4
•added 2021/11/15 12:0 a.m.•8 views

Incorrect Price Consultation Results

Handle leastwood Vulnerability details Impact The TwapOracle.consult function iterates over all token pairs which belong to either VADER or USDV and then calculates the price of the respective asset by using both UniswapV2 and Chainlink price data. This helps to further protect against price...

AI score: 7
Exploits: 0