EUVD-2018-6010
Malware in sbrugna...
EUVD-2020-15406
Malware in sbrugna...
The Rdpx V2 Core contract functionality blocking
Lines of code Vulnerability details Impact The RdpxV2Core contract functionality can be blocked as long as the contract WETH balance is less than totalWethDelegated. This can happen even without malicious activities. Proof of Concept The sync function of the RdpxV2Core contract has a special...
Failed transfer with low level call could be overlooked
Lines of code Vulnerability details Impact In LendingLedger.sol and votingEscrow.sol, a low-level call is made using call. According to the Solidity docs, "The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as pa...
Second-hand delegatee can withdraw before owner undelegates
Lines of code Vulnerability details Impact When an original depositor delegates to another address, the new address can call withdraw before the delegator undelegates. Proof of Concept requirelocked.amount 0, "No lock"; requirelocked.end Attack Scenario: 1. When an original depositor creates a...
All Ether sent to LSP0ERC725Account will be permanently locked
Lines of code Vulnerability details Impact All Ether sent to LSP0ERC725Account will be permanently locked because it inherits the receive function from the LSP0ERC725AccountCore contract but does not have a withdraw function. Proof of Concept All Ether sent to LSP0ERC725Account will be permanentl...
The NounsDAOLogicV3.sol contract has a receive function but no withdraw function.
Lines of code Vulnerability details Impact All Ether sent to the NounsDAOLogicV3.sol will be locked in the contract because it implements a receive function without a withdraw function. Proof of Concept The NounsDAOLogicV3.sol contract implements the receive function but does not have a withdraw...
Inconsistent check for LP balance in AMO
Lines of code Vulnerability details Inconsistent check for LP balance in AMO While pulling LP tokens from the CVXStaker contract, the AMO queries the current available balance using the staked balance, which is inconsistent with the implementation of the withdraw function. Impact Curve LP tokens...
Mitigation Confirmed for H-06
MITIGATION IS NOT CONFIRMED Mitigation of H-06: Issue not mitigated Link to Issue: code-423n4/2023-03-asymmetry-findings588 Comments Issue H-06 describes the potential problems of assuming a peg of stETH to ETH. The sponsor proposed a mitigation to fetch the price of...
Derivative pool issue can lead to loss of user funds when unstaking
Lines of code Vulnerability details Impact In all withdraw functions of derivatives, there is no check for sending zero Ether back to the safEth contract. It is important to note that the address(msg.sender).call{value: 0}("") call returns true even when transferring a zero value. On the other hand...
Incorrect parameter in withdraw function
Lines of code Vulnerability details Impact An incorrect parameter is used in the withdraw function in SfrxEth.sol. The amount variable is used when the frxEthBalance variable should be used to calculate minOut. The amount that gets swapped at the FRXETHCRVPOOLADDRESS is the frxEthBalance, not the...
_l1Receiver may lose the token amount
Lines of code Vulnerability details Impact _l1Receiver may lose the token amount Proof of Concept function withdraw(address _l1Receiver) external payable override { uint256 amount = msg.value; // Silent burning of the ether unchecked { balance[address(this)] -= amount; totalSupply -= amount; } // Send the L2 log, ...
Reentrancy in validateTransaction function
Lines of code Vulnerability details Impact The contract can be called by an attacker several times until the funds are depleted. The contract owner may suffer financial damages as a result of this vulnerability. Description The validateTransaction function in lines 66-71 accepts external calls and...
CVE-2020-22647
An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the GetBonusWithdraw and withdraw functions...
PT-2023-11626 · Unknown · Depositgame
Name of the Vulnerable Software and Affected Versions: DepositGame version 1.0 Description: An issue in DepositGame allows an attacker to gain sensitive information via the GetBonusWithdraw and withdraw functions. Recommendations: For DepositGame version 1.0, consider disabling the GetBonusWithdr...
User funds loss in withdraw() of StRSR because the code doesn't revert when the calculated rsrAmount is zero
Lines of code Vulnerability details Impact The withdraw function in StRSR completes an account's unstaking, but when the calculated amount of RSR tokens is 0 the code still burns the user's draftRSR and returns. This would cause users' small deposits to get burned while the user won't receive any funds, as withdr...
Calling repay function sends less DOLA to Market contract when forceReplenish function is not called while it could be called
Lines of code Vulnerability details Impact When a user incurs a DBR deficit, a replenisher can call the forceReplenish function to force the user to replenish DBR. However, there is no guarantee that the forceReplenish function will always be called. When the forceReplenish function is not called...
Missing reentrancy guard on withdraw function
Lines of code Vulnerability details Impact Missing reentrancy guard on withdraw function Proof of Concept There is no reentrancy risk with true ERC-20 tokens that work according to the spec (i.e. audited, etc.). However, one can write a malicious ERC-20 with a custom transferFrom or approve that has...
User will lose rewards
Lines of code Vulnerability details Impact Users will lose their rewards even when the vesting period has completed. The rewards will also get stuck in the contract with no one able to retrieve them. Proof of Concept 1. Admin creates a new claim using the createClaim function: function createClaim address...
Race condition on vesting revokes
Lines of code Vulnerability details Impact Race condition with vesting revokes: frontrunning decides who gets the funds. Proof of Concept An admin can revoke a vesting for a given receiver. Revoking will prevent the receiver from getting their already released tokens, since active will be set to false an...