CVE-2026-9305

CVE-2026-9305 affects QuantumNous new-api self Endpoint up to version 0.12.1. The vulnerable element is the functions SearchUserTopUps and SearchAllTopUps in file model/topup.go, enabling a SQL injection via remote exposure. Public exploit availability is claimed. No remediation details are provi...

New API SQL注入漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.12.1 have a SQL injection vulnerability. This vulnerability originates from the SearchUserTopUps/SearchAllTopUps function in the model/topup.go file of the self Endpoint component, which may lead to...

PT-2025-36492

Name of the Vulnerable Software and Affected Versions: KioSoft "Stored Value" Unattended Payment Solutions affected versions not specified Description: KioSoft "Stored Value" Unattended Payment Solutions utilize vulnerable NFC cards. An attacker could potentially modify the balance on these cards...

Service owners can accrue OLAS top-ups even when donating to their own services

Lines of code Vulnerability details Impact The basis of this exploit is the ability for a topUpEligible service owner — any registrant of a service who also stakes enough OLAS in the voting escrow contract — to accrue OLAS top-ups even when they donate to services that they own themselves. As lon...