CVE-2025-56207

A security flaw in the 'transfer' function of a smart contract implementation for Money Making Opportunity MMO, an Ethereum ERC721 Non-Fungible Token NFT project, allows users or attackers to transfer NFTs to the zero address, leading to permanent asset loss and non-compliance with the ERC721...

CVE-2025-56207

The CVE-2025-56207 entry concerns Money Making Opportunity (MMO), an Ethereum ERC-721 NFT project. The vulnerability is in the contract’s _transfer function, which can cause NFTs to be sent to the zero address, resulting in permanent asset loss and ERC-721 non-compliance. Affected details include...

CVE-2025-56207

A security flaw in the 'transfer' function of a smart contract implementation for Money Making Opportunity MMO, an Ethereum ERC721 Non-Fungible Token NFT project, allows users or attackers to transfer NFTs to the zero address, leading to permanent asset loss and non-compliance with the ERC721...

Money Making Opportunity 安全漏洞

Money Making Opportunity is a computer game by the individual developers of Etherscan. A security vulnerability exists in Money Making Opportunity, which stems from the transfer function that allows NFTs to be transferred to a zero address, potentially resulting in the loss of permanent assets...

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2025-1202)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1202 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which...

CVE-2025-11155 WEAK ENCODING FOR PASSWORD IN DEVICE SERVER CONFIGURATION

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...

HTTP Request Smuggling

eventlet is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of HTTP trailer sections, which allows an attacker to bypass front-end security controls, launch targeted attacks against active site users, and poison web caches...

Important: amazon-ssm-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

SandCell: Sandboxing Rust beyond Unsafe Code

Rust is a modern systems programming language that ensures memory safety by enforcing ownership and borrowing rules at compile time. While the unsafe keyword allows programmers to bypass these restrictions, it introduces significant risks. Various approaches for isolating unsafe code to protect...

CVE-2025-10988

A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor w...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49492: nvme-pci: fix a NULL pointer dereference in nvmeallocadmintags bsc1238954. CVE-2022-50116: kernel: tty: ngsm: fix deadlock and link starvation in...

CVE-2025-10988

The connected PT-2025-39467 entry confirms a vulnerability in YunaiV ruoyi-vue-pro up to version 2025.09 affecting an unspecified portion of /crm/business/transfer and causing improper authorization. It can be exploited remotely, and an exploit is publicly available. The vendor has been notified ...

CVE-2025-10988 YunaiV ruoyi-vue-pro transfer improper authorization

A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor w...

CVE-2025-10988 YunaiV ruoyi-vue-pro transfer improper authorization

A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor w...

CVE-2025-10987

A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate t...

CVE-2025-10987

A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate t...

CVE-2025-10987

YunaiV yudao-cloud (HTTP Request Handler) is affected by CVE-2025-10987 due to improper authorization in the /crm/contact/transfer file where the contactId parameter can be manipulated. The issue enables a remote attack and has publicly disclosed exploits. Multiple feeds confirm the vulnerability...

CVE-2025-10987 YunaiV yudao-cloud HTTP Request transfer improper authorization

A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate t...

CVE-2025-10987 YunaiV yudao-cloud HTTP Request transfer improper authorization

A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate t...

PT-2025-39466

Name of the Vulnerable Software and Affected Versions YunaiV yudao-cloud versions prior to 2025.09 Description A flaw exists in YunaiV yudao-cloud that could lead to improper authorization. This issue is related to the HTTP Request Handler component and the /crm/contact/transfer file. The contact...