Zano Trade | IOP

Reports by Severity

Critical
  • #48436 [W&A-Critical] DoS is possible through the order creation API

  • #47728 [W&A-Critical] Server-Side Request Forgery (SSRF) Vulnerability in Next.js _app.tsx component

  • #47740 [W&A-Critical] Server-Side Request Forgery (SSRF) in `./src/pages/_app.tsx` via the Host header

Insight
  • #47731 [W&A-Insight] Offer Listings N+1 Query Performance Vulnerability

  • #47725 [W&A-Insight] JWT Security Vulnerability - Non-Expiring Tokens and CSRF Exposure

  • #47741 [W&A-Insight] Missing JWT_SECRET in Env Allows Token Forgery via Empty Secret

  • #47729 [W&A-Insight] Insecure Token Storage in SessionStorage

Reports by Type

Websites & Applications
  • #47731 [W&A-Insight] Offer Listings N+1 Query Performance Vulnerability

  • #47725 [W&A-Insight] JWT Security Vulnerability - Non-Expiring Tokens and CSRF Exposure

  • #47741 [W&A-Insight] Missing JWT_SECRET in Env Allows Token Forgery via Empty Secret

  • #48436 [W&A-Critical] DoS is possible through the order creation API

  • #47728 [W&A-Critical] Server-Side Request Forgery (SSRF) Vulnerability in Next.js _app.tsx component

  • #47729 [W&A-Insight] Insecure Token Storage in SessionStorage

  • #47740 [W&A-Critical] Server-Side Request Forgery (SSRF) in `./src/pages/_app.tsx` via the Host header
