Lucene search
K

457 matches found

GithubExploit
GithubExploit
added 2026/05/12 8:53 a.m.55 views

ISPB

🛡️ AI-powered Security Scanner Platform A next-generation...

5.9AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/03 11:59 p.m.1 views

Astra Linux - уязвимость в dojo

All versions of the dojo package are vulnerable to Prototype Pollution through the setObject function...

9.8CVSS6.8AI score0.01995EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/21 7:28 a.m.4 views

Security Bulletin: IBM Storage Protect Operations Center is affected by vulnerabilities in the dojo-profile library that could allow prototype pollution or improper handling of crafted PNG inputs (CVE-2021-23450, CVE-2008-6681, CVE-2010-2273).

Summary IBM Storage Protect Operations Center uses the dojo-profile library in certain components. Vulnerabilities in this library may allow prototype pollution or improper handling of specially crafted PNG files, which could lead to memory corruption or denial-of-service conditions in applicatio...

9.8CVSS6.8AI score0.43247EPSS
Exploits3Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/01 11:51 p.m.2 views

@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2026-4800 via lodash-amd (>=4.16.4 <=4.17.23)

lodash-amd NPM version =4.16.4, =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves: CVE-2026-4800 Source advisory: OSV:GHSA-R5FR-RJXR-66JC...

9.8CVSS6.2AI score0.00044EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/31 11:2 p.m.2 views

@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2025-13465 +1 more via lodash-amd (>=4.16.4 <=4.17.23)

lodash-amd NPM version =4.16.4, =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves: CVE-2025-13465, CVE-2026-2950 Source advisory: SNYK:JS-LODASHAMD-15869622...

7.9CVSS6.4AI score0.00028EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/31 11:2 p.m.3 views

@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2021-23337 +1 more via lodash-amd (>=4.16.4 <=4.17.23)

lodash-amd NPM version =4.16.4, =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves: CVE-2021-23337, CVE-2026-4800 Source advisory: SNYK:JS-LODASHAMD-15869626...

9.8CVSS6.8AI score0.04314EPSS
Exploits2
Packet Storm News
Packet Storm News
added 2026/02/04 12:0 a.m.3 views

Bypassing AI Control Protocols Via Agent-As-A-Proxy Attacks

As AI agents automate critical workloads, they remain vulnerable to indirect prompt injection IPI attacks. Current defenses rely on monitoring protocols that jointly evaluate an agent's Chain-of-Thought CoT and tool-use actions to ensure alignment with user intent. We demonstrate that these...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/31 3:19 a.m.5 views

CVE-2026-25117

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

8.3CVSS6.1AI score0.00087EPSS
Exploits0References1
NVD
NVD
added 2026/01/29 10:15 p.m.3 views

CVE-2026-25117

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

8.3CVSS0.00087EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/29 9:53 p.m.4 views

CVE-2026-25117

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

8.3CVSS6.1AI score0.00087EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/29 9:53 p.m.2 views

CVE-2026-25117 pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

8.3CVSS5.8AI score0.00087EPSS
Exploits0References2
CVE
CVE
added 2026/01/29 9:53 p.m.6 views

CVE-2026-25117

CVE-2026-25117 concerns pwn.college DOJO, an education platform. Before commit e33da14449a5abcff507e554f66e2141d6683b0a, sandboxing was missing on routes starting with /workspace/*, allowing a challenge author to inject arbitrary JavaScript that runs in the same origin as the DOJO site. This cons...

8.3CVSS6.1AI score0.00087EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/29 9:53 p.m.2 views

EUVD-2026-4941

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

8.3CVSS6.1AI score0.00087EPSS
Exploits0References2
OSV
OSV
added 2026/01/29 9:53 p.m.3 views

CVE-2026-25117 pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

8.3CVSS6.1AI score0.00087EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/29 9:53 p.m.18 views

CVE-2026-25117 pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

8.3CVSS0.00087EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.0 views

DOJO Cross-Site Scripting Vulnerabilities

DOJO is a JavaScript toolkit open source by pwn.college. pwn.college’s DOJO has a cross-site scripting vulnerability; this vulnerability stems from the lack of sandbox isolation, which may lead to sandbox escape and arbitrary JavaScript execution...

8.3CVSS5.8AI score0.00087EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/10/26 12:25 p.m.109 views

Exploit for CVE-2025-62376

Improper Authentication in pwn.college DOJO Education Platform...

9.5CVSS6.7AI score0.00071EPSS
Exploits2
GithubExploit
GithubExploit
added 2025/10/16 9:51 a.m.156 views

Exploit for CVE-2025-62376

CVE-2025-62376: Local Privilege Escalation Exploit for Sudo...

9.5CVSS6.8AI score0.00071EPSS
Exploits2
Cvelist
Cvelist
added 2025/10/14 9:58 p.m.8 views

CVE-2025-62376 pwn.college DOJO vulnerable to improper authentication in workspace endpoint allowing unauthorized Windows VM access

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...

9.5CVSS0.00071EPSS
Exploits2References2
CVE
CVE
added 2025/10/14 9:58 p.m.8 views

CVE-2025-62376

The CVE-2025-62376 issue affects the pwn.college DOJO platform’s /workspace endpoint. The view_desktop flow retrieves the user via a URL parameter without confirming administrative privileges, enabling an attacker to specify any user ID and an arbitrary password to impersonate that user. When req...

9.5CVSS6.6AI score0.00071EPSS
Exploits2References2
Rows per page
Query Builder