Identity Exposure Management: Risks and Response
Start with the path that carries risk. Security teams need a clear view of access risk. Stolen tokens and excessive privileges turn legitimate access into an attack route. Identity risk becomes urgent when one exposed account opens a path across critical systems. Identity exposure management is t...
LiteLLM Security Vulnerability
LiteLLM is an open-source application developed by Berri AI. It can utilize all LLM APIs in the OpenAI format. Versions of LiteLLM prior to 1.83.14 contained a security vulnerability. This vulnerability stemmed from the lack of verification of whether the allowedroutes field was within the user’s...
Multiple Apple Products Security Vulnerability
Apple iOS and other products are owned by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Multiple Apple Products Security Vulnerability
Apple iOS and other products are made by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in Huawei HarmonyOS, which stems from an issue with excessive access to resources by the graphics...
EUVD-2024-0611
Malicious code in bioql PyPI...
EUVD-2023-34139
Malicious code in bioql PyPI...
CVE-2025-8660
CVE-2025-8660 concerns Broadcom Symantec PGP Encryption (11.0.1). Connected sources describe a privilege-escalation issue caused by improper privilege assignment that could allow a user to gain higher access than permitted. The Brevity in sources notes elevated privileges but does not publicly sp...
Wiz launches support for Google Cloud excessive access findings based on audit logs
Google Cloud customers can now detect excessive access in their GCP environment based on Google audit logs to effectively right-size permissions...
CVE-2022-44622
In JetBrains TeamCity versions between 2021.2 and 2022.10, access permissions for secure token health items were excessive...
PT-2022-27266 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions 2021.2 through 2022.10 Description: The issue concerns excessive access permissions for secure token health items. Recommendations: For versions 2021.2 through 2022.10, update to a version that addresses the...
CVE-2022-31589
Due to an improper authorization check, business users who use the Israeli File from SHAAM program (/ATL/VQ23 transaction) are granted more authorization than needed to perform certain transactions, which may lead to users getting access to data that would otherwise be restricted...
Shopify: [h1-2102] Break permissions waterfall
Summary: Shopify Plus User permission roles will propagate changes to all the users in the role. It's possible to break this. If you pass FULL along with other Permissions into a user role edit, it will propagate to the users and give them full access while the role shows partial access. Steps To...
CVE-1999-1204
Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator...