6 matches found
CVE-2026-10269 decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization
A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...
Race Condition
Overview nvidia-resiliency-ext is a NVIDIA Resiliency Package Affected versions of this package are vulnerable to Race Condition in the checkpointing core. An attacker can gain unauthorized access to sensitive information, modify data, disrupt service availability, or escalate privileges by...
SQL Injection
Overview llama-index-vector-stores-clickhouse is a LlamaIndex VectorStores Integration: ClickHouse Affected versions of this package are vulnerable to SQL Injection through multiple vector store integrations. An attacker can read and write data using SQL, potentially leading to unauthorized acces...
Out-of-bounds Write
Overview vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Out-of-bounds Write through the evaluation of AugAssign statements in conjunction with dynamic array operations. An attacker can cause an out-of-bounds write by manipulating the...
PYSEC-2025-31
vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the...
PT-2024-34884 · Authkit +1 · Authkit +1
Name of the Vulnerable Software and Affected Versions: AuthKit library for Remix versions prior to 0.4.1 Description: The issue concerns the logging of refresh tokens to the console when the debug flag is enabled. This flag is disabled by default. There are no known workarounds for this issue. Al...