16 matches found
GHSA-XVP7-8VM8-XFXX Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers
Summary: The GoCardless components in Actualbudget are logging responses to STDOUT in a parsed format using console.log and console.debug (which in this version of node is an alias for console.log). This is exposing sensitive information in log files including, but not limited to: - Gocardless...
EUVD-2025-35091
Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers...
Information Exposure
Overview: @actual-app/sync-server is an actual syncing server. Affected versions of this package are vulnerable to Information Exposure via the console.log and console.debug functions, which log sensitive response payloads from external services, including bearer tokens, account numbers, and...
CVE-2021-31679
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers...
Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State
The Office of the Washington State Auditor (SAO) on Monday said it's investigating a security incident that resulted in the compromise of personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. The SAO blamed the breach on a software vulnerabilit...
Hackers Compromise T-Mobile Employees' Email Accounts and Steal Users' Data
If you are a T-Mobile customer, this news may concern you. US-based telecom giant T-Mobile has suffered yet another data breach incident that recently exposed personal and account information of both its employees and customers to unknown hackers. What happened? In a breach notification posted o...
T-Mobile Suffers Data Breach Affecting Prepaid Wireless Customers
Are you a T-Mobile prepaid customer? If yes, you should immediately create or update your associated account PIN/passcode as additional protection. The US-based telecom giant T-Mobile today disclosed yet another data breach incident that recently exposed potentially personal information of some...
Former AWS Engineer Arrested as Capital One Admits Massive Data Breach
A massive breach of Capital One customer data has hit more than 100 million people in the U.S. and 6 million in Canada. Thanks to a cloud misconfiguration, a hacker was able to access credit applications, Social Security numbers and bank account numbers in one of the biggest data breaches to...
Capital One Data Breach Affects 106 Million Customers; Hacker Arrested
Another week, another massive data breach. Capital One, the fifth-largest U.S. credit-card issuer and banking institution, has recently suffered a data breach exposing the personal information of more than 100 million credit card applicants in the United States and 6 million in Canada. The data...
X (Formerly Twitter): Protected tweets exposure through the URL
Summary Leaking sensitive information from protected tweets via a prepared website. This vulnerability could lead to exposure of information such as credit card numbers, bank account numbers, phone numbers, tokens, specific words or even the whole phrases but also the exposure of any additional...
CVE-2018-17404
The SBIbuddy aka com.sbi.erupee application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number from a government-issued ID, and date of birth...
CVE-2018-14607
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified...
Charter Communications Fixes Data Leaking Vulnerability
Internet-cable-television provider Charter Communications recently fixed an issue with its website that was inadvertently leaking the information of tens of thousands of customers. Customers’ payment details, modem serial numbers, device names, account numbers, and home addresses were being spilled...
CVE-2015-1314
The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen before prompting the user for login, which might allow physically proximate users to obtain banking account numbers and balances...
Data Breach Exposes Customer Payment Card Information
Grocery giants Albertsons and SUPERVALU announced yesterday that a data breach may have exposed the credit and debit card information of an unknown number of its customers at various grocery store locations in more than 18 states. Behind Kroger’s, Albertsons is the second largest grocery store...
BofA, Citigroup Warn of Mass. Security Breach
Two of the largest U.S. banks — Bank of America and Citigroup — have issued new credit and debit cards to Massachusetts customers after running into data-safety concerns. Bank of America and Citigroup each recently issued replacement cards to consumers, telling them in letters that their account...