CVE-2026-4286 Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook update
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT API. Mattermost Advisory ID:...
EUVD-2018-4013
Malware in sbrugna...
EUVD-2018-2839
Malware in sbrugna...
CVE-2025-30073
An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. The reference assigned to transactions can be reused. When completing a payment, the first or all transactions with the same reference are completed, depending on timing. This can be used to transfer more money onto employee card...
Cosmos: Unauthorized coins transfer from locking account(s)
The Cosmos SDK was found to have a vulnerability that allowed unauthorized transfer of funds from locking accounts. The issue was specifically identified in the periodic-locking-account, but it was believed to affect other locking account types as well. The vulnerability stemmed from the way the...
CVE-2024-32873 evmos allows transferring unvested tokens after delegations
Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. The spendable balance is not updated properly when delegating vested tokens. The issue allows a clawback vesting account to anticipate the release of unvested tokens. This vulnerability is fixed in 18.0.0...
CVE-2023-47035
RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations...
Buffer overflow
RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations...
CVE-2023-47035
CVE-2023-47035 concerns RPTC version 0x3b08c, where the parameter tradingOpen lacks proper status checks. This underpins unauthorized transfer operations, with the likely impact described as high integrity risk and network exposure. Public documentation consistently states the flaw but provides n...
Users can add 6 decimal token funds for free
Lines of code Vulnerability details There is a logic error in convertDecimals function which means wrapping interactions for tokens with less than 18 decimals are processed incorrectly. The below is triggered in convertDecimals where the input parameter decimals is less than 18. If amountToConver...
Rocky Linux 8 : curl (RLSA-2021:3582)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3582 advisory. - When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML file. The...
Tokens could be stolen by specifying an unauthorized address.
Lines of code Vulnerability details Impact transferBetweenDelegators transfers tokens between proxy contract addresses without any validation. Tokens could be stolen by specifying an unauthorized address. Proof of Concept The issue with transferBetweenDelegators occurs here as we can see: functio...
Race condition in approve function can lead to more funds than intended being transferred
Lines of code Vulnerability details Impact The approve function from MToken.sol contains a front-running vulnerability that allows a user to spend more tokens than he should. Proof of Concept Let's take the following scenario: 1. Alice calls approve(Eve, 10). This permits Eve to spend 10 tokens from...
bypass flow limit by transferring tokens at epoch's border
Lines of code Vulnerability details Impact Token flow can reach 2flowlimit in a very short time. Proof of Concept We store the flow out and flow in tokens numbers for every epoch: / @dev Returns the slot which is used to get the flow out amount for a specific epoch @param epoch The epoch to get t...
Well.sol::skim() anyone can transfer excess funds to their account.
Lines of code Vulnerability details Description The skim is designed to transfer excess tokens held by the contract to a specified recipient. However, it lacks proper access control checks, allowing any user to initiate the transfer of excess tokens, regardless of ownership. This presents a...
Input validation and money transfer vulnerability with negative number
Description I transfer money from account1 to account2. According to the scenario, account 1 will be deducted, and account 2 will add money. But account1 was add, account was sub. If I use a negative number and its value exceeds the account balance, the money will still be added to the transfer...
Anyone can transfer any tokens balance of Payment contract
Lines of code Vulnerability details Impact Anyone can transfer any tokens balance of Payment contract Proof of Concept 1. Someone send some tokens to Payment contract 2. Attacker will call sweepToken with token = token address, amountMinimum = Token balance of Payment contract and recipient = any...
arbitrary send erc20 safeTransferFrom
Lines of code Vulnerability details Impact uses arbitrary from in safeTransferFrom when msg.sender is not used as from in safeTransferFrom. Proof of Concept Alice approves this contract to spend her ERC20 tokens. Bob can call a and specify Alice's address as the from parameter in safeTransferFrom...
transferfrom with arbitrary from address allows attackers to receive tokens in L2 without paying
Lines of code Vulnerability details Impact In , the line token.transferFrom(from, escrow, amount); use an arbitrary from address. So an attacker can deposit victim's GTR token on L1, by using from address as victim's address, and receive equivalent tokens on L2 on attacker address. Proof of Concept...