# Zano Trade | IOP

## Reports by Severity

<details>

<summary>Critical</summary>

* #48436 [W&A-Critical] DoS is possible through the order creation API
* #47728 [W&A-Critical] Server-Side Request Forgery (SSRF) Vulnerability in Next.js `_app.tsx` component
* #47740 [W&A-Critical] Server-Side Request Forgery (SSRF) in `./src/pages/_app.tsx` via the Host header

</details>

<details>

<summary>Insight</summary>

* #47731 [W&A-Insight] Offer Listings N+1 Query Performance Vulnerability
* #47725 [W&A-Insight] JWT Security Vulnerability - Non-Expiring Tokens and CSRF Exposure
* #47741 [W&A-Insight] Missing `JWT_SECRET` in Env Allows Token Forgery via Empty Secret
* #47729 [W&A-Insight] Insecure Token Storage in SessionStorage

</details>

## Reports by Type

<details>

<summary>Websites &amp; Applications</summary>

* #47731 [W&A-Insight] Offer Listings N+1 Query Performance Vulnerability
* #47725 [W&A-Insight] JWT Security Vulnerability - Non-Expiring Tokens and CSRF Exposure
* #47741 [W&A-Insight] Missing `JWT_SECRET` in Env Allows Token Forgery via Empty Secret
* #48436 [W&A-Critical] DoS is possible through the order creation API
* #47728 [W&A-Critical] Server-Side Request Forgery (SSRF) Vulnerability in Next.js `_app.tsx` component
* #47729 [W&A-Insight] Insecure Token Storage in SessionStorage
* #47740 [W&A-Critical] Server-Side Request Forgery (SSRF) in `./src/pages/_app.tsx` via the Host header

</details>
