Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:54 a.m.8 views

CVE-2020-10077

GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk...

9.8CVSS6.7AI score0.01185EPSS
Exploits0References1
Hacker One
Hacker One
added 2023/04/18 1:45 p.m.47 views

Cloudflare Public Bug Bounty: Cloudflare CASB Confused Deputy Problem

A vulnerability was found in Cloudflare CASB on Microsoft and GitHub integrations, allowing an attacker to create a new integration and access sensitive information if they were able to enumerate a valid tenant UUID or domain. The issue was resolved by disallowing the creation of multiple...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/07/29 4:44 p.m.15 views

To settle with the DoJ, Uber must confess to a cover-up. And it did.

Uber covered up the 2016 data breach that affected its 57 million customers and drivers. The confession came as part of the settlement between the DOJ US Department of Justice and the taxi company, which will see it avoid criminal prosecution. In a press release from the DOJ, Uber "admits that it...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/07/29 4:0 p.m.12 views

To settle with the DoJ, Uber must confess to a cover-up. And it did.

Uber covered up the 2016 data breach that affected its 57 million customers and drivers. The confession came as part of the settlement between the DOJ US Department of Justice and the taxi company, which will see it avoid criminal prosecution. In a press release from the DOJ, Uber "admits that it...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2022/02/11 2:50 p.m.28 views

Cloudflare Public Bug Bounty: HTTP Request Smuggling in Transform Rules using hexadecimal escape sequences in the concat() function

The Edge Rules engine used by Cloudflare Transform Rules features string modifying functions like lower and concat, which accepted hexadecimal-encoded characters such as ”\x0a\x0d“. This allowed for manipulation of request headers e.g. injecting an additional header and, as a consequence, made HT...

7.1AI score
Exploits0
MSRC
MSRC
added 2021/02/18 4:0 p.m.54 views

Microsoft Internal Solorigate Investigation – Final Update

We believe the Solorigate incident is an opportunity to work with the community, to share information, strengthen defenses and respond to attacks. We have now completed our internal investigation into the activity of the actor and want to share our findings, which confirm that we found no evidenc...

1.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/13 4:39 a.m.94 views

Yandex Employee Caught Selling Access to Users' Email Inboxes

Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for...

0.1AI score
Exploits0
Cvelist
Cvelist
added 2020/03/13 5:1 p.m.20 views

CVE-2020-10077

GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk...

9.5AI score0.01185EPSS
Exploits0References2
Wired Threat Level
Wired Threat Level
added 2019/11/22 7:0 p.m.37 views

The GOP Is Mired in Conspiracies—and It's About to Get Worse

Opinion: If you thought the impeachment hearings were bad, wait until attorney general William Barr's internal investigation comes to light...

1.5AI score
Exploits0
ThreatPost
ThreatPost
added 2019/10/28 7:37 p.m.32 views

UniCredit Suffers Third Breach Despite Investing Billions in Cybersecurity

Despite investing 2.4 billion euros since 2016 to upgrade its cybersecurity profile, Italian banking institution UniCredit has suffered its third recent data breach, this time impacting 3 million customers. The company said in a short data breach announcement on its website that names, telephone...

0.6AI score
Exploits0References7
The Hacker News
The Hacker News
added 2019/10/28 5:11 p.m.5 views

UniCredit Bank Suffers 'Data Incident' Exposing 3 Million Italian Customer Records

UniCredit, an Italian global banking and financial services company, announced today that it suffered a security incident that leaked some personal information belonging to at least 3 million of its domestic customers. Officially founded in 1870, UniCredit is Italy's biggest banking and financial...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2019/08/26 11:41 a.m.73 views

Hostinger Suffers Data Breach – Resets Password For 14 Million Users

Popular web hosting provider Hostinger has been hit by a massive data breach, as a result of which the company has reset passwords for all customers as a precautionary measure. In a blog post published on Sunday, Hostinger revealed that "an unauthorized third party" breached one of its servers an...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2012/07/11 8:3 p.m.6 views

Millions of Passwords leaked from Social Site Formspring

Formspring, a social Q&A website popular with teenagers,this week disabled its users' passwords after discovering a security breach. Formspring founder and CEO Ade Olonoh apologized to users for the inconvenience, and advised them to change their passwords when they log back into Formspring. A bl...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2011/10/26 4:55 p.m.8 views

Japanese Parliament Struggling To Address Hack, Data Theft

The fallout from a targeted attack on computers belonging to members of the Japanese House of Representatives continued on Tuesday, with claims that both servers and PCs on the House network were infected with a password stealing Trojan, and reports that House members had taken to storing sensiti...

1.3AI score
Exploits0References2
ThreatPost
ThreatPost
added 2011/03/10 6:39 p.m.14 views

HBGary E-mails: DuPont, Other Firms Hit In Aurora Attack

Emails unearthed by the HBGary hack reveal that Chinese hackers compromised the networks of chemical company, DuPont, and more than a dozen others high profile Western firms in late 2009 as part of a wide-scale hack since dubbed “Operation Aurora.” The revelations, gleaned from leaked e-mail,...

0.2AI score
Exploits0References7
Rows per page
Query Builder