8 matches found

OSV
added 6 days ago, 5 views

BIT-AUTHENTIK-2026-40172 authentik: Privilege Escalation via User PATCH: Superuser Group Assignment Bypasses enable_group_superuser

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0 through 2026.2.2, the PATCH /api/v3/core/users/pk/ API allows a caller with changeuser on a target user to assign arbitrary groups through UserSerializer, including groups with issuperuser=True, without...

CVSS 8.1 | AI score 5.9 | EPSS 0.00011
Exploits 0 | References 4
CNNVD
added 2025/10/08 12:0 a.m., 2 views

Deno security vulnerability

Deno is a simple, modern and secure JavaScript and TypeScript runtime environment from Deno Open Source. A security vulnerability exists in Deno versions prior to 2.5.3 and prior to 2.2.15, which stems from the fact that the utime and utimeSync methods are not constrained by the privilege model,...

CVSS 3.3 | AI score 4.2 | EPSS 0.00018
Exploits 1 | References 6
CNNVD
added 2023/08/09 12:0 a.m., 1 views

Node.js path traversal vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js version 20 that stems from allowing an attacker to bypass the privilege model by specifying a path traversal sequence in a buffer...

CVSS 8.8 | AI score 6.8 | EPSS 0.00118
Exploits 0 | References 6
CNNVD
added 2023/08/09 12:0 a.m., 3 views

Node.js path traversal vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js version 20 that stems from allowing an attacker to bypass the privilege model via path traversal using the API process.binding...

CVSS 7.5 | AI score 6.9 | EPSS 0.00193
Exploits 1 | References 3
CNNVD
added 2023/07/01 12:0 a.m., 2 views

Node.js security vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js that stems from loading an arbitrary OpenSSL engine when enabling an experimental privilege model, which can bypass and/or disable the privilege model...

CVSS 7.5 | AI score 7.7 | EPSS 0.00044
Exploits 0 | References 4
CNNVD
added 2023/06/21 12:0 a.m., 2 views

Node.js security vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js version 20 that stems from a lack of checks, allowing the experimental privilege model to be bypassed...

CVSS 7.5 | AI score 6.7 | EPSS 0.00022
Exploits 0 | References 3
Exploit DB
added 2017/08/28 12:0 a.m., 902 views

Abusing Token Privileges For LPE

Abusing Token Privileges For LPE. Papers exploit for Windows platform...

CVSS 7.8 | EPSS 0.78459
Exploits 22
ThreatPost
added 2012/05/29 3:38 p.m., 8 views

DHS To Critical Infrastructure Owners: Hold On To Data After Cyber Attack

The Department of Homeland Security is offering organizations that use industrial control systems advice on mitigating the effects of cyber attacks. Among the agency’s recommendations: hold on to data from infected systems and prevent enemies from moving within your organization. DHS’s Industrial...

AI score 7.6
Exploits 0 | References 5