Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/13 10:7 p.m.13 views

CVE-2026-32991

Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...

7.1CVSS5.8AI score0.00227EPSS
Exploits0References2Affected Software3
CVE
CVE
added 2026/05/13 10:7 p.m.14 views

CVE-2026-32991

CVE-2026-32991 arises from improper authorization checks of team member privileges in cPanel & WHM, enabling a team member to escalate to the team owner account. The PT Security entries consolidate multiple CVEs and indicate a patch will be released May 13, 1:00 PM EST, addressing CVE-2026-32991 ...

7.1CVSS5.8AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.8 views

PT-2026-2144

Name of the Vulnerable Software and Affected Versions RustFS versions 1.0.0-alpha.13 through 1.0.0-alpha.78 Description RustFS is a distributed object storage system built in Rust. A flaw in the deny only short-circuit within RustFS IAM allows a restricted service account or STS credential to...

7.1CVSS6.8AI score0.00378EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/03/22 11:12 a.m.8 views

CVE-2024-8017

An XSS vulnerability exists in open-webui/open-webui versions = 0.3.8, specifically in the function that constructs the HTML for tooltips. This vulnerability allows attackers to perform operations with the victim's privileges, such as stealing chat history, deleting chats, and escalating their ow...

9CVSS6AI score0.00553EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/03/25 12:0 a.m.14 views

PT-2024-40505 · Burn · Burn

Name of the Vulnerable Software and Affected Versions: Burn versions affected versions not specified Description: The issue concerns the use of an unprotected directory, C:WindowsTemp, by Burn to copy and run binaries. This directory is accessible to low-privilege users, who can hijack binaries...

7.3CVSS6.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/04/12 12:0 a.m.4 views

PT-2023-22090 · Unknown · Openfeature Operator

Name of the Vulnerable Software and Affected Versions: OpenFeature Operator versions prior to 0.2.32 Description: The issue allows an attacker to escalate the privileges of any service account in the cluster, assuming the pre-existence of a vulnerability that enables arbitrary code execution. Thi...

8.8CVSS8AI score0.00659EPSS
Exploits0References9
OSV
OSV
added 2022/09/21 8:15 p.m.4 views

CVE-2022-28802

Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's...

9.9CVSS5.9AI score0.00999EPSS
Exploits0References2
Rows per page
Query Builder