Lucene search

7 matches found

NVD
added 2024/08/08 8:15 a.m. | 15 views

CVE-2024-22069

There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product. Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords...

CVSS: 8.8 | EPSS: 0.00133
Exploits: 0 | References: 1
Huntr
added 2023/06/09 9:0 a.m. | 4 views

Serious Security Vulnerability Discovered in Promotion

Description I am writing to report a serious security vulnerability that we have uncovered. Specifically, we have found that promotions applied to certain client groups are still being honored even after the promotions are no longer applicable to those groups. This means that attackers can...

AI score: 7
Exploits: 0
Hacker One
added 2022/09/03 6:59 p.m. | 19 views

U.S. Dept Of Defense: Authentication bypass leads to Information Disclosure at U.S Air Force "https://███"

Hi Hackerone Triage team, I'm new in this program. What I understood is that every Web Owned/Operated by DoD is in scope, so I did some Google searches, exactly in Wikipedia, and I've found this PNG that confirms that U.S Air Force is in scope:...

AI score: 7.4
Exploits: 0
Hacker One
added 2021/06/01 12:8 a.m. | 12 views

Reddit: IDOR to pay less for coin purchases on oauth.reddit.com via /api/v2/gold/paypal/create_coin_purchase_order in `order_id` parameter

Summary: This vulnerability consists of modifying the PayPal transaction ID to buy a big coin pack but paying the small price for it. Impact: The only impact here could be that you don't earn the money you deserve, and users can offer a lot of presents to other users, breaking the magic of the...

AI score: 0.3
Exploits: 0
Hacker One
added 2021/01/06 4:22 p.m. | 18 views

U.S. Dept Of Defense: [hta3] Remote Code Execution on ████

Vulnerability description not provided...

AI score: 7.1
Exploits: 0
Hacker One
added 2020/08/28 5:23 a.m. | 119 views

New Relic: Getting API access key Through Introspection query Graphql

The introspection query should only be allowed internally and should not be allowed to the general public. If we can fetch the entire back-end API documentation and calls available on a server, then that can be very dangerous in many cases. What if we could get our hands on some API calls only mean...

AI score: 6.6
Exploits: 0
Hacker One
added 2017/11/28 9:58 p.m. | 12 views

HackerOne: Able To Check The Exact Bounty Balance of any Bug Bounty Program

Hello HackerOne, I found a way to check the exact bounty balance of any bug bounty program. Steps To Reproduce 1. Report to any program that gives a bounty 2. Go to your Inbox 3. Open the Burp Suite before you click the report you created for your target bug bounty program. 4. Click the Intercep...

AI score: 6.7
Exploits: 0