Lucene search
K

6 matches found

NVD
NVD
added 2026/06/09 1:16 p.m.15 views

CVE-2026-11764

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:54 a.m.26 views

CVE-2026-11764

CVE-2026-11764 describes a data exposure where exporting all reusable media includes gift card secrets, even for users without permission to view gift cards. This indicates a permission boundary bypass, since the UI/API only reveal partial (first letters) of the secret, yet the export leaks full ...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:54 a.m.12 views

CVE-2026-11764 Data exposed without proper permission

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47750

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/14 12:0 a.m.57 views

Do Coding Agents Understand Least-Privilege Authorization?

As coding agents gain access to shells, repositories, and user files, least-privilege authorization becomes a prerequisite for safe deployment: an agent should receive enough authority to complete the task, without unnecessary authority that exposes sensitive surfaces.To study whether current...

5.9AI score
Exploits0
CVE
CVE
added 2024/06/11 4:49 p.m.57 views

CVE-2024-37293

The CVE concerns the AWS Deployment Framework (ADF) bootstrap process. Prior to v4.0.0, the bootstrap CodeBuild role could call sts:AssumeRole without restrictions, enabling escalation to any AWS account in the organization with elevated privileges. Patches are included in aws-deployment-framewor...

7.8CVSS7.9AI score0.00245EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder