25 matches found
shopper security vulnerability
Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the management tables for PaymentMethods, Currencies, and Carriers rendering inline switching options and...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: The reloc control parameter is not set if the transaction commit fails in prepare_to_relocate. In btrfs_relocate_block_group, the rc parameter is allocated. Then, btrfs_relocate_block_group calls relocate_block_group, which calls...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992521)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992521 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate In...
EUVD-2022-0528
Malicious code in bioql PyPI...
CVE-2025-48886 hydra-node dangerously assumes L1 event finality and does not consider failed transactions
Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does not consider failed transactions. Currently, Cardano L1 is monitored for certain events which are necessary for state progression. At the moment, Hydra considers those...
DEBIAN-CVE-2022-50067
In the Linux kernel, the following vulnerability has been resolved: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate In btrfs_relocate_block_group, the rc is allocated. Then btrfs_relocate_block_group calls relocate_block_group -> prepare_to_relocate -> set_reloc_control that assigns rc ...
CVE-2024-55641 xfs: unlock inodes when erroring out of xfs_trans_alloc_dir
In the Linux kernel, the following vulnerability has been resolved: xfs: unlock inodes when erroring out of xfs_trans_alloc_dir Debugging a filesystem patch with generic/475 caused the system to hang after observing the following sequences in dmesg: XFS dm-0: metadata I/O error in...
UBUNTU-CVE-2024-26792
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of anonymous device after snapshot creation failure When creating a snapshot we may do a double free of an anonymous device in case there's an error committing the transaction. The second free may result in...
CoreRootRouter.executeDepositSingle FUNCTION REVERTS FOR SINGLE ASSETS DEPOSITS THUS FAILING THE TRANSACTION
Lines of code Vulnerability details Impact The RootBridgeAgent.lzReceiveNonBlocking function calls the respective RootBridgeAgentExecutor functions based on the flag parsed via the payload0. The payload0 == 0x02 stands for the Call with Deposit remote call. The...
Gas that was sent by LayerZero can get stuck in the contract in some cases
Lines of code Vulnerability details If a tx on the destination chain calls back the chain from where the transaction was initiated by the user, the first transaction on the source chain needs to "airdrop" gas to the destination chain so it is able to call back the source chain. The problem is tha...
Airdropped Gas will remain in the Agent in case of failure
Lines of code Vulnerability details Impact The protocol uses LayerZero's Airdrop mechanism to send gas to BridgeAgents which they need to pay for subsequent cross-chain messages. If the transaction on the receiver fails, this airdropped gas will remain in the BridgeAgent and can be used up by t...
lack of failsafe mechanism to replay the failed transaction between source chain and destination chain. This would lead to loss of funds to user when transaction is failed.
Lines of code Vulnerability details Impact When the transaction fails on either chain, source or destination, it will never be replayed. This would lead to loss of assets if the transaction is targeted for token transfer. Similarly, other issues can happen. Proof of Concept Centrifuge used the cross...
Tokens transferred with bridge can get lost if destination transaction can't be executed
Lines of code Vulnerability details Impact User could lose his tokens if tx on destination chain will fail/revert. There is no option to recover the tokens on source chain. Revert could be caused by function attachThreshold. This function finds the correspondence between the amount and threshold...
All transactions with Ether to NounsDAOExecutor::executeTransaction() function will fail.
Lines of code Vulnerability details Impact All transactions with Ether to the NounsDAOExecutor::executeTransaction function will fail because it does not have the payable keyword. Proof of Concept The executeTransaction function of the NounsDAOExecutor contract does not have the payable keyword s...
distributeRewards can revert because of the too strict slippage check
Lines of code Vulnerability details Impact The report highlights that the distributeRewards function can revert due to a strict slippage check. The provided proof of concept demonstrates the issue, where the slippage is set to 98%, leading to potential transaction failures. Proof of Concept...
Risk of Gas Limit Exceedance During Proposal Sorting
Lines of code Vulnerability details Impact The array of up to 10 proposals using the insertion sort algorithm in insertionSortProposalsByVotes function in the StandardFunding.sol contract but, if the number of proposals exceeds 10, the sorting process may cause the function to exceed the block ga...
Not having enough ETH may cause the transaction to fail
Lines of code Vulnerability details Impact The transaction will fail due to not having enough ETH. Proof of Concept When the proposal is executed, the protocol will call the function DAO.execute. The DAO protocol also supports sending ETH to external contract as the following code. bool success,...
Transaction failure due to out of gas.
Lines of code Vulnerability details Impact Transaction failure due to out of gas. Proof of Concept The DAO protocol allows users to deposit any tokens. If a bad actor creates a fake token and deposits to the protocol, then contacts the appropriate person for a refund. A malicious person adds malicious...
msg.sender token balance is not checked before calling safeTransferFrom function
Lines of code Vulnerability details Impact createAuction FUNCTION and bid FUNCTION: Without checking the msg.sender token balance, the transfer function may fail to transfer tokens from msg.sender to the contract address. This may cause transaction failures. Same instance in 2 times PROOF OF...
LayerZero Channel can be blocked by an attacker
Lines of code Vulnerability details Impact According to the LayerZero docs, the default behavior is that when a transaction on the destination application fails, the channel between the source and destination is blocked. Before any new transactions can be executed, the failed transaction has to b...