Lucene search
+L

7 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2002-0169

Malware in sbrugna...

7.5CVSS6.4AI score0.0175EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 1:5 a.m.11 views

CVE-2022-28802

Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's...

9.9CVSS7.5AI score0.00999EPSS
Exploits0References1
Veracode
Veracode
added 2025/04/01 3:29 a.m.6 views

Privilege Escalation

github.com/pipe-cd/pipecd is vulnerable to Insecure Permissions. The vulnerability is due to insecure permissions, which allow attackers to access the service account's token and escalate privileges...

9.8CVSS7.3AI score0.00457EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/03/21 12:0 a.m.6 views

CVE-2024-53350

Insecure permissions in kubeslice v1.3.1 allow attackers to gain access to the service account's token, leading to escalation of privileges...

7.4CVSS7.7AI score0.0036EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.6 views

Zapier 安全漏洞

Zapier is a product of Zapier, Inc. that allows end users to integrate the We b applications they use and automate workflows. A security vulnerability exists in versions of Zapier prior to 2022-08-17 that stems from code written to allow in-account privilege escalation. An attacker exploited the...

9.9CVSS8.6AI score0.00999EPSS
Exploits0References3
Hacker One
Hacker One
added 2021/06/07 11:5 a.m.53 views

HackerOne: Report Bulk endpoint "agree-on-going-public" action may reveal Report disclosure state for invite-only programs

Hello, Hope you are doing well, SUMMARY -In hackerone user doesn't have permission to do any action like "disclosing/undiclosing" in disclosed report. -Here user can send the "cancel-disclosure-request" request to the server and server accepts the request gave 200ok response with ""flash":"The...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2015/05/03 12:0 a.m.45 views

用友软件旗下一网站存在一个Struts2漏洞可拿服务器

简要描述: 用友软件旗下一网站存在一个Struts2漏洞可拿服务器。主要因为漏洞不及时打上,账户权限过大。 详细说明: 今天闲来无事,在网上随意点了几下,发下了个漏洞。 存在漏洞的网址:http://pu.yonyouup.cn/login!loginIndexPage.action 漏洞证明: 首先,这是存在漏洞的网页:http://pu.yonyouup.cn/ 点进去后,会跳转到http://pu.yonyouup.cn/login!loginIndexPage.action ,于是我就猜想,是不是存在Struts2漏洞呢?就试了一下。 结果如图:...

7.1AI score
Exploits0
Rows per page
Query Builder