DRUPAL-CONTRIB-2026-002

This module allows site administrators to grant specific roles the authority to assign selected roles to users, without them needing the "administer permissions" permission. The module contains an access bypass vulnerability when used in combination with the Views Bulk Operations module. A user...

User loss his delegated voting power after delegation to another user.

Lines of code Vulnerability details Vulnerability Details When a user delegate voting power to another user, his previous voting power from delegation has been ignored at getVotingPowerAt since in case isDelegated is true getVotingPowerAt returns 0. Impact Delegated voting power cannot be utilize...

Users can vote infinitely via delegation

Lines of code Vulnerability details Summary GaugeControllervoteforgaugeweights is designed to allow users to vote for gauge rewards based on the amount of $CANTO they have locked in the VotingEscrow contract. VotingEscrow includes functionality for users to delegate their voting power to another...

If user has delegated someone when locktime expires his tokens will be stuck forever.

Lines of code Vulnerability details Impact tokens will be stuck forever if user's locktime expired when his delegatee someone differant than him. Because he cannot withdraw his money also he cannot delegate himself too because his lock expired.Also he cannot use increaseamount for lockexpired and...

Signatures can be replayed in castVoteWithReasonAndParamsBySig() to use up more votes than a user intended

Lines of code Vulnerability details Bug Description In the SecurityCouncilNomineeElectionGovernor and SecurityCouncilMemberElectionGovernor contracts, users can provide a signature to allow someone else to vote on their behalf using the castVoteWithReasonAndParamsBySig function, which is in...

Semrush: IDOR allows information disclosure

A vulnerability in the Social Media Inbox tool's task tracker allowed information disclosure. The tool enables linking social accounts to oversee content and engage audiences. Its task tracker lets users delegate messages to colleagues. It was found a user could assign messages to any user ID,...

A malicious delegatee can always block the delegator from undelegating the lock

Lines of code Vulnerability details Impact A user who has delegated his/hers voting power to a delegatee can break his/hers delegate only by submitting a lock with a higher expiration time than the delegatee after a successful call to increaseUnlockTime function. After that, he has to call the...

CVE-2014-8143: Elevation of privilege to Active Directory Domain Controller

Description Samba's AD DC allows the administrator to delegate creation of user or computer accounts to specific users or groups. However, all released versions of Samba's AD DC did not implement the additional required check on the UFSERVERTRUSTACCOUNT bit in the userAccountControl attributes. A...