A couple of bugs originating in Solana's JIT: one an optimization issue, the other a bad instruction choice, both found through fuzzing.
An access control issue in a fallback price oracle contract. Under normal circumstances, Aave V3 will try to use the Chainlink oracle to get price information...
By hiding a cross-site-scripting attack in the profile update functionality, specifically the profile image. Judging from the payload, it looks like a straightforward unescaped input that gets reflected on profile pages, though they did need to contend with Cloudflare's WAF...