Lucene search
K

72 matches found

OSV
OSV
added 2022/08/01 11:15 a.m.1 views

CVE-2022-30616

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978...

7.2CVSS5.8AI score0.00807EPSS
Exploits0References2
Prion
Prion
added 2022/08/01 11:15 a.m.16 views

Code injection

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978...

5.8CVSS6.6AI score0.00807EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/08/01 12:0 a.m.4 views

IBM Robotic Process Automation 安全漏洞

IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation has an elevation of privilege vulnerability that stems from improper...

8CVSS5.6AI score0.00807EPSS
Exploits0References3
CVE
CVE
added 2022/07/31 5:30 p.m.524 views

CVE-2022-30616

Summary: CVE-2022-30616 affects IBM Robotic Process Automation and IBM RPA for Cloud Pak/Service, with versions prior to 21.0.3 vulnerable. A privileged user could elevate privileges to platform administrator by manipulating APIs. Impact: high (privilege escalation) with CVSS base scores in the h...

8CVSS6.7AI score0.00807EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/07/29 12:0 a.m.2 views

CVE-2022-30616

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978...

8CVSS5.7AI score0.00807EPSS
Exploits0References3Affected Software1
0day.today
0day.today
added 2022/06/27 12:0 a.m.602 views

Mailhog 1.0.1 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Mailhog 1.0.1 - Stored Cross-Site Scripting XSS Google Dork: https://www.shodan.io/search?query=mailhog 3500 Exploit Author: Vulnz Vendor Homepage: https://github.com/mailhog/MailHog Software Link: https://github.com/mailhog/MailHog Version: 1.0.1 Tested on: Windows,Linux,Docker CV...

7.4AI score
Exploits0
OSV
OSV
added 2022/06/27 12:0 a.m.23 views

CVE-2022-31081 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in HTTP::Daemon

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...

7.3CVSS6.4AI score0.02108EPSS
Exploits1References13
AlmaLinux
AlmaLinux
added 2021/11/09 9:39 a.m.33 views

Moderate: libsepol security update

The libsepol library provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy the policy compiler and similar tools, as well as by programs like loadpolicy that need to perform specific transformations on binary policies for example, customizing policy boolean...

3.3CVSS6AI score0.00592EPSS
Exploits4References5
Hacker One
Hacker One
added 2021/01/03 10:4 a.m.95 views

Logitech: Manipulating response leads to free access to Streamlabs Prime

Heyy team, I have a found cool bug which allows me to get access to streamlabs prime features for free. Here is the api endpoint which checks whether the user has a prime subscription or not: https://streamlabs.com/api/v5/user/prime/subscription json "isactive": false, "ispending": false,...

6.9AI score
Exploits0
CVE
CVE
added 2020/12/18 9:27 a.m.41 views

CVE-2020-26175

CVE-2020-26175 affects Tangro Business Workflow prior to 1.18.1. An attacker can manipulate the value of the PERSON parameter in requests to the /api/profile endpoint to change the profile information of other users. The root cause is an authorization/validation flaw that allows parameter tamperi...

6.5CVSS6.3AI score0.00659EPSS
Exploits1References2Affected Software1
seebug.org
seebug.org
added 2015/10/30 12:0 a.m.34 views

Docker Remote API 未授权访问

介绍 docker 在使用集群管理如:Kubernetes,swarm时,要使用remote api对节点进行管理.remote api无认证时的默认端口是2375需要TLS认证默认登录是2376。 remote api默认是可以不需要认证能直接访问,能直接对docker进行操作,如新建容器,删除容器,查看镜像容器信息等... remote api操作方法见docker官方文档 检测docker remote api 未授权访问可以使用curl或者直接用浏览器访问 http://ip:2375/info 如果返回了json证明漏洞存在,如下图 其他参考链接...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2015/01/06 10:32 a.m.8 views

Moonpig API Vulnerability Exposes Payment Card Data

Moonpig, a U.K.-based company that sells personalized greeting cards, mugs, t-shirts and other novelties, has been taken to the woodshed for poor security practices by a researcher who claims it’s simple to pilfer user and payment card data through a wonky mobile app API. The company this morning...

7.5AI score
Exploits0References2
Rows per page
Query Builder