0
6/10
bug-bounty
A DevOps engineer found unauthenticated RCE as root on publicly exposed Marathon container orchestration instances, located via Shodan reconnaissance, by using the task scheduling API to execute arbitrary commands without authentication.
rce
authentication-bypass
marathon
mesos
container-orchestration
unauthenticated-access
shodan-recon
devops-misconfiguration
command-injection
privilege-escalation
Marathon
Mesos
DC/OS
Shodan
netcat
curl