Writeup Exploits

62,859 exploits tracked across all sources.

Sort: Activity Stars
CVE-2026-41675 WRITEUP HIGH
xmldom: XML node injection through unvalidated processing instruction serialization
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be serialized into XML without validating or neutralizing the PI-closing sequence ?>. As a result, an attacker can terminate the processing instruction early and inject arbitrary XML nodes into the serialized output. This issue has been patched in versions @xmldom/xmldom versions 0.9.10 and 0.8.13.
CVSS 7.5
CVE-2026-42217 WRITEUP CRITICAL
OpenEXR: Shift exponent overflow in `readVariableLengthInteger()` (`ImfIDManifest.cpp`)
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger() decodes a variable-length integer from untrusted EXR input without bounding the shift count. After enough continuation bytes, the code executes a left shift by 70 on a 64-bit value, which is undefined behavior. This issue has been patched in versions 3.2.9, 3.3.11, and 3.4.11.
CVSS 9.8
CVE-2018-13127 WRITEUP HIGH
SP8DE PreSale Token - Integer Overflow in Mint Function
SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
CVSS 7.5
CVE-2018-13128 WRITEUP HIGH
Etherty Token - Integer Overflow in Mint Function
Etherty Token (ETY) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
CVSS 7.5
CVE-2018-13130 WRITEUP HIGH
Bitotal - Integer Overflow in mintTokens Function
Bitotal (TFUND) is a smart contract running on Ethereum. The mintTokens function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
CVSS 7.5
CVE-2018-13131 WRITEUP HIGH
SpadePreSale - Integer Overflow in Mint Function
SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
CVSS 7.5
CVE-2018-13132 WRITEUP HIGH
spadeico - Integer Overflow in Mint Function
Spadeico is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
CVSS 7.5
CVE-2018-13156 WRITEUP HIGH
bonustoken - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13157 WRITEUP HIGH
CryptonitexCoin - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13158 WRITEUP HIGH
AssetToken - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13159 WRITEUP HIGH
bankcoin - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13160 WRITEUP HIGH
etktokens - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13161 WRITEUP HIGH
MultiGames - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13162 WRITEUP HIGH
alex - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13163 WRITEUP HIGH
Ethernet Cash - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13164 WRITEUP HIGH
EPPCOIN - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for EPPCOIN (EPP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13165 WRITEUP HIGH
JustDCoin - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13166 WRITEUP HIGH
AthletiCoin - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for AthletiCoin (ATHA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13167 WRITEUP HIGH
YU GI OH - Integer Overflow
The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13168 WRITEUP HIGH
NetkillerBatchToken - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for Yu Gi Oh (YGO) (Contract Name: NetkillerBatchToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13169 WRITEUP HIGH
Ethereum Cash Pro Coin - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13170 WRITEUP HIGH
Snoqualmiecoin - Integer Overflow
The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13171 WRITEUP HIGH
LadaToken - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13172 WRITEUP HIGH
bzxcoin - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13173 WRITEUP HIGH
EliteShipperToken - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for EliteShipperToken (ESHIP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5