24 matches found

Malwarebytes
•added 2025/10/24 1:35 p.m.•6 views

Is AI moving faster than its safety net?

You’ve probably noticed that artificial intelligence, or AI, has been everywhere lately—news, phones, apps, even in your browser. It seems like everything suddenly wants to be “powered by AI.” If it’s not, it’s considered old school and boring. It’s easy to get swept up in the promise: smarter...

7.2 AI score
Exploits: 0
Cvelist
•added 2024/05/07 9:2 p.m.•36 views

CVE-2024-34346 Deno contains a permission escalation via open of privileged files with missing `--deny` flag

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access...

8.4 CVSS · 8.6 AI score · 0.00368 EPSS
Exploits: 0 · References: 1
NVD
•added 2024/02/06 1:15 a.m.•19 views

CVE-2023-47889

The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly...

7.8 CVSS · 7.5 AI score · 0.00274 EPSS
Exploits: 1 · References: 1
Code423n4
•added 2023/09/14 12:0 a.m.•16 views

Relying on string comparisons to determine which parameter to update in the file() function is brittle and could lead to unintended consequences.

Lines of code Vulnerability details Impact This can allow unintentionally changing sensitive state variables Proof of Concept The vulnerability arises because: file relies on a simple string comparison of the what parameter to determine which state variable to update. A developer could accidental...

6.7 AI score
Exploits: 0
Code423n4
•added 2023/09/11 12:0 a.m.•5 views

Unchecked Arithmetic Allows Nonce Replay

Lines of code Vulnerability details Vulnerability details The problem is the unchecked increment operation: ++nonce.value;. When nonce.value is already at its maximum value 2^256 - 1, incrementing it will wrap around to zero due to integer overflow. This means that if an attacker sends a...

7 AI score
Exploits: 0
Code423n4
•added 2023/09/11 12:0 a.m.•12 views

Unchecked return value of low level

Lines of code Vulnerability details In the code you provided earlier, there is a potential "Unchecked return value of low-level call" vulnerability in the following line: addressstrategy.delegatecallabi.encodeWithSignature"harvest"; This line of code uses the delegatecall function to invoke the...

7.3 AI score
Exploits: 0
Vulnrichment
•added 2023/06/07 5:16 p.m.•7 views

CVE-2023-34108 Manipulation of Internal Dovecot Variables in mailcow via crafted Passwords

mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an attacker to manipulate internal Dovecot variables by using specially crafted...

8.8 CVSS · 8.6 AI score · 0.00979 EPSS
Exploits: 0 · References: 3
Code423n4
•added 2023/04/09 12:0 a.m.•12 views

totalVotingPower needs to be snapshotted for each proposal because it can change and thereby affect consensus when accepting / vetoing proposals

Lines of code Vulnerability details Impact This issue does not manifest itself in a limited segment of the code. Instead it spans multiple contracts and derives its impact from the interaction of these contracts. In the PoC section I will do my best in explaining how this results in an issue. I...

6.9 AI score
Exploits: 0
Code423n4
•added 2023/02/02 12:0 a.m.•7 views

Unchecked External Call Vulnerability in ownerOf Function Call.

Lines of code Vulnerability details Impact In the worst-case scenario, if the ownerOf function call reverts due to a security vulnerability in the ERC721 contract, the caller's data could be manipulated, and their funds could be at risk. This could lead to a loss of funds for users who have...

7.2 AI score
Exploits: 0
Hacker One
•added 2022/12/21 3:21 a.m.•3 views

Nintendo: [MK8DX] Improper ranking/replay file parsing

The vulnerability in the Mario Kart 8 Deluxe game involved improper ranking and replay file parsing. This allowed for potential exploitation, leading to potentially unintended consequences...

7 AI score
Exploits: 0
Code423n4
•added 2021/12/13 12:0 a.m.•13 views

PriceOracle Does Not Filter Price Feed Outliers

Handle leastwood Vulnerability details Impact If for whatever reason the Chainlink oracle returns a malformed price due to oracle manipulation or a malfunctioned price, the result will be passed onto users, causing unintended consequences as a result. At the same time it's possible to construct...

7 AI score
Exploits: 0
Huntr
•added 2021/11/25 10:58 p.m.•28 views

Heap-based Buffer Overflow in allinurl/goaccess

Description Good evening and Happy Turkey Day! We are truly thankful for the Open Source Security community this year. Whilst testing goaccess built from commit 9774249, we discovered a crafted log which can trigger a heap-buffer-overflow during a memcmp operation on line 1525 of /src/parser.c...

0.1 AI score
Exploits: 0
Huntr
•added 2021/06/23 7:41 a.m.•7 views

Heap-based Buffer Overflow in rup0rt/pcapfix

Description A heap overflow was found in pcapfix in function fixpcapng in pcapng.c at line 1571 Test version : 1.1.6 2fe168e Test env: gcc 9.3.0 ubuntu 20.04 x86-64 Proof of Concept CFLAGS="-fsanitize=address" make ./pcapfix poc poc is attached in reference link c ==618350==ERROR:...

7.1 AI score
Exploits: 0 · References: 1
wpexploit
•added 2020/11/22 12:0 a.m.•31 views

WooCommerce Anti-Fraud <= 3.2 - Unauthenticated Order Status Manipulation

The WooCommerce Anti-Fraud WordPress plugin was affected by an issue where an unauthenticated user could change the order status of any order, as there were no checks when changing the order status. The orderid was also predictable. On an individual level, if you have already received your order,...

0.5 AI score
Exploits: 0 · References: 2
Schneier on Security
•added 2020/06/26 12:0 p.m.•19 views

The Unintended Harms of Cybersecurity

Interesting research: "Identifying Unintended Harms of Cybersecurity Countermeasures": Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures technologies or procedures to manage risks to their services or systems. In some cases, those countermeasures will produce unintended...

2 AI score
Exploits: 0
Tenable Nessus
•added 2019/08/12 12:0 a.m.•25 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : pki-core Vulnerability (NS-SA-2019-0063)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pki-core packages installed that are affected by a vulnerability: - Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny...

8.1 CVSS · 7.6 AI score · 0.01516 EPSS
Exploits: 0 · References: 2
Prion
•added 2018/07/03 1:29 a.m.•21 views

Design/Logic Flaw

Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will...

6.8 CVSS · 8.1 AI score · 0.01516 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
UbuntuCve
•added 2018/07/03 1:29 a.m.•22 views

CVE-2018-1080

Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will...

8.1 CVSS · 7 AI score · 0.01516 EPSS
Exploits: 0 · References: 3
OSV
•added 2018/07/03 1:29 a.m.•18 views

CVE-2018-1080

Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will...

8.1 CVSS · 7.4 AI score · 0.01516 EPSS
Exploits: 0 · References: 4
Debian CVE
•added 2018/07/02 6:0 p.m.•19 views

CVE-2018-1080

Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will...

8.1 CVSS · 7.9 AI score · 0.01516 EPSS
Exploits: 0