Lucene search
K

4 matches found

EUVD
EUVD
added yesterday3 views

EUVD-2026-42374

Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that allows authenticated sellers to manipulate purchase access for other sellers' products by sending PUT requests to the revokeaccess and undorevokeaccess actions without seller ownership...

7.1CVSS6.1AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.4 views

CVE-2026-30825

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user to delete any other user's PAT by providing its ID, with no ownership verification. This issue has been patched in version 2026.2.1...

6.5CVSS5.7AI score0.00225EPSS
Exploits0References1
OSV
OSV
added 2026/01/06 5:18 p.m.4 views

GHSA-8C39-XPPG-479C Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced

Summary Pterodactyl does not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. This allows a user that was already connected to SFTP to remain connected and access files even after their permissions...

7.5CVSS6.7AI score0.00218EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2014/03/10 4:41 a.m.10 views

Justin Bieber Twitter account hacked, Spammed malicious links to 50 Million Followers

Pop Singer Justin Bieber's Twitter account hacked for around 15 minutes before it was corrected! The Twitter account with 50.2 Million Followers was compromised i.e. Twitter account with the second most Twitter followers. Spammers tweeted in Indonesian language from his hacked account with the...

7AI score
Exploits0
Rows per page
Query Builder