Lucene search
K

76 matches found

NVD
NVD
added 4 days ago5 views

CVE-2026-57474

Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced...

6.9CVSS0.00279EPSS
Exploits0References4
NVD
NVD
added 4 days ago7 views

CVE-2026-57475

Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access an...

6.9CVSS0.0034EPSS
Exploits0References4
CVE
CVE
added 4 days ago9 views

CVE-2026-57476

CVE-2026-57476 describes a vulnerability in Deloitte AI Assist for Customer where unauthenticated API endpoints allowed an attacker knowing specific parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. The issue was mitigated on 2026-03-25 by restricting...

6.3CVSS6.1AI score0.00238EPSS
Exploits0References4
CVE
CVE
added 4 days ago6 views

CVE-2026-57475

Deloitte AI Assist for Customer had an unauthenticated POST vulnerability on public API endpoints that allowed a remote attacker to perform limited additions to the configuration. These changes were not used by the system. On 2026-03-25, access was restricted and authentication enforced for the e...

6.9CVSS6.2AI score0.0034EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago13 views

EUVD-2026-42975

Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access an...

6.9CVSS6.2AI score0.0034EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42974

Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced...

6.9CVSS6.1AI score0.00279EPSS
Exploits0References4
CVE
CVE
added 4 days ago9 views

CVE-2026-57474

The CVE entry CVE-2026-57474 concerns Deloitte AI Assist for Customer. Public-facing API endpoints accepted unauthenticated requests, exposing configuration information that could aid an attacker’s reconnaissance. The root cause is exposure of configuration data via unauthenticated access to API ...

6.9CVSS6.1AI score0.00279EPSS
Exploits0References4
Wiz blog
Wiz blog
added 2025/09/12 12:0 p.m.5 views

DORA Compliance in the Cloud Era: Insights from Deloitte and Wiz

How to address DORA compliance challenges with Wiz and Deloitte...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2025/05/22 12:0 p.m.12 views

Deloitte’s Secure by Design (SbD) Approach – Enhanced with Wiz

How Deloitte and Wiz Enable End-to-End Security Without Slowing Down Development...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2024/11/26 12:0 p.m.8 views

Deloitte’s Cyber Cloud Managed Services (CCMS) - Enhance cyber posture with AWS and Wiz

Discover how Deloitte’s CCMS, powered by Wiz, enhances AWS cloud security with automated workflows, democratized risk management, and streamlined remediation to protect modern cloud environments...

7.3AI score
Exploits0
Opera Security Advisories
Opera Security Advisories
added 2024/09/25 12:0 a.m.21 views

Protecting your privacy: Opera has completed an independent no-log audit of its free browser VPN

Privacy Protecting your privacy: Opera has completed an independent no-log audit of its free browser VPN Share September 25th, 2024 Hi Opera users! We are excited to announce that we have successfully completed an independent audit of our no-log policy for Opera’s free browser VPN available on...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Openbugbounty
Openbugbounty
added 2024/08/03 6:29 p.m.12 views

deloitte.co.uk Cross Site Scripting vulnerability OBB-3953269

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/06/18 8:24 a.m.75 views

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 CVSS scores: 9.8 -...

9.8CVSS8.7AI score0.99428EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.337 views

Plantronics Hub 3.25.1 Arbitrary File Read

Exploit Title: Plantronics Hub 3.25.1 – Arbitrary File Read Date: 2024-05-10 Exploit Author: Farid Zerrouk from Deloitte Belgium, Alaa Kachouh from Mastercard Vendor Homepage: https://support.hp.com/us-en/document/ish9869257-9869285-16/hpsbpy03895 Version: Plantronics Hub for Windows version 3.25...

7.4AI score0.01673EPSS
Exploits4
0day.today
0day.today
added 2024/05/13 12:0 a.m.227 views

Plantronics Hub 3.25.1 - Arbitrary File Read Vulnerability

Exploit Title: Plantronics Hub 3.25.1 – Arbitrary File Read Date: 2024-05-10 Exploit Author: Farid Zerrouk from Deloitte Belgium, Alaa Kachouh from Mastercard Vendor Homepage: https://support.hp.com/us-en/document/ish9869257-9869285-16/hpsbpy03895 Version: Plantronics Hub for Windows version 3.25...

6.7CVSS7.1AI score0.01673EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/05/13 12:0 a.m.303 views

Plantronics Hub 3.25.1 - Arbitrary File Read

Exploit Title: Plantronics Hub 3.25.1 – Arbitrary File Read Date: 2024-05-10 Exploit Author: Farid Zerrouk from Deloitte Belgium, Alaa Kachouh from Mastercard Vendor Homepage: https://support.hp.com/us-en/document/ish9869257-9869285-16/hpsbpy03895 Version: Plantronics Hub for Windows version 3.25...

6.7CVSS7.7AI score0.01673EPSS
Exploits4
OSV
OSV
added 2024/02/20 11:42 p.m.53 views

GHSA-9W99-78RJ-HMXQ Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

6.3CVSS5.7AI score0.00493EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2024/02/20 11:42 p.m.42 views

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

6.3CVSS5.9AI score0.00493EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2024/02/20 7:26 p.m.20 views

Possibility to circumvent the invitation token expiry period

Impact The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the deviseinvitable gem always accepts the pending invitation if the user has been invited as shown in this piece...

7.4CVSS7.5AI score0.00791EPSS
Exploits0References11Affected Software4
RubySec
RubySec
added 2024/02/20 12:0 a.m.28 views

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

6.3CVSS6AI score0.00493EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder