KoK
There appears to be a prototype-pollution source in the snaps codebase where user-controlled keys may be assigned directly into objects/state without filtering or sanitization. The vulnerable code paths are in...
### Pull Request Description

I have identified a Server-Side Request Forgery (SSRF) vulnerability in the notification client implementation where user-supplied input is directly incorporated into outgoing HTTP requests without proper...
_Arbitrary SQL Execution, Chain State Manipulation, Fund Theft_

### Summary

IBC Hooks WASM module where user-controlled data is improperly embedded into SQL queries without proper escaping. This allows an attacker...
https://github.com/pyload/pyload/blob/91c603b58d3b7b13a69d2e0e116543273d9db240/src/pyload/webui/app/blueprints/app_blueprint.py#L331-L331 Accessing files using paths constructed from user-controlled data can allow an attacker to access unexpected resources. This can result in sensitive information being revealed or deleted, or an attacker...
### Summary

I found that an integer overflow/truncation vulnerability exists in multiple locations within Horcrux's configuration parsing and Raft store logic. This vulnerability allows an attacker to provide malicious input values that,...