Search Vulnerabilities

Capgo - Authorization Bypass in API Key Management via App-Limited Keys

Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters

Capgo - Privilege Escalation via SECURITY DEFINER Function apply_usage_overage

Capgo - Scope Escalation via API Key Creation in /functions/v1/apikey

Capgo - Improper 2FA Enforcement Logic via Team Security Settings

Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission

Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability

Broken Access Control in Azuriom CMS Server Routes Allows Account Takeover

Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter

api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions

LatePoint <= 5.5.1 - Authenticated (Agent+) Privilege Escalation to Administrator via IDOR in OsOrdersController::create_or_update + Unauthenticate...

DVDFab Virtual Drive Signed Kernel Driver dvdfabio.sys privileges management

Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron

Idira Endpoint Privilege Manager Agent: Local Privilege Escalation via Internal Communication or File Operation Manipulation

Fission: Incomplete capability denylist in Environment/Function PodSpec validation allows tenant-added CAP_SYS_TIME and cross-tenant node wall-cloc...

Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation

Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container

Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape

Fission Container Executor Function PodSpec Injection Leading to Node Escape

Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover