CVE-2024-4428

Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users. This issue affects Managment Portal: through 21.05.2024...

CVE-2024-7107

Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations. This issue affects CyberMath: before CYBM.240816253...

CVE-2024-6878

Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations. This issue affects Panel: before v2.3.24...

CVE-2024-47608

Logicytics is designed to harvest and collect data for forensic analysis. Logicytics has a basic vuln affecting compromised devices from shell injections. This vulnerability is fixed in 2.3.2...

WordPress plugin Lead Form Data Collection to CRM 安全漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2025-22781 · Smackcoders · Smackcoders Lead Form Data Collection To Crm

Name of the Vulnerable Software and Affected Versions: smackcoders Lead Form Data Collection to CRM versions n/a through 3.1 Description: The issue is related to a Missing Authorization vulnerability that allows Privilege Escalation in smackcoders Lead Form Data Collection to CRM. Recommendations...

The vulnerability of microprogramming software in devices for integration and control of automation and data collection systems, related to the use of cryptographic algorithms containing defects, allows attackers to compromise the confidentiality and integrity of protected information.

The vulnerability of microprogramming software in devices for integration and control of automation systems and data collection servers is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow a malicious actor to compromise the...

CVE-2020-14101

The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

CVE-2019-3430

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the system...

IBM Jazz Reporting Service Code Issue Vulnerability

IBM Jazz Reporting Service is a suite of ready-to-use reporting components from International Business Machines IBM. The product includes features such as report generation, data collection and lifecycle queries. A code issue vulnerability exists in IBM Jazz Reporting Service that stems from a...

ByeDPIAndroid - App To Bypass Censorship On Android

Android application that runs a local VPN service to bypass DPI Deep Packet Inspection and censorship. This application runs a SOCKS5 proxy ByeDPI and redirects all traffic through it. Installation Or use Obtainium 1. Install Obtainium 2. Add the app by URL:...

Azure deployed machines fail to Power On due to Data Collection Rule Associations

When applying a Machine Profile to an Azure-based Machine Creation Services catalog, attempting to Start machines may result in one of the following errors: "code":"UnsupportedFeature","message":"Data Collection Rule Associations is not supported in the location of the targeted parent resource...

New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims

Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems TDSes. The activity clusters have been codenamed Reckless Rabbit and Ruthless Rabbit by DNS...

US as a Surveillance State

Two essays were just published on DOGE's data collection and aggregation, and how it ends with a modern surveillance state. It's good to see this finally being talked about. EDITED TO ADD 5/3: Here's a free link to that first essay...

Elastic Agent 安全漏洞

Elastic Agent is a single agent from the Dutch company Elastic. Logs, metrics, traces, availability, security and other data can be collected from each host. A security vulnerability exists in Elastic Agent that stems from an uncontrolled introduction of functionality from untrusted control areas...

Enhancing Vulnerability Reports with Automated and Augmented Description Summarization

Public vulnerability databases, such as the National Vulnerability Database NVD, document vulnerabilities and facilitate threat information sharing. However, they often suffer from short descriptions and outdated or insufficient information. In this paper, we introduce Zad, a system designed to...

Windscribe Acquitted on Charges of Not Collecting Users’ Data

The company doesn't keep logs, so couldn't turn over data: Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection...

Shopify faces privacy lawsuit for collecting customer data

Shopify faces a data privacy class action lawsuit in the US that could change the way globally active companies can be held accountable. The proposed class action is a revival of a case that had been dismissed by a lower court judge and a three-judge 9th Circuit Court of Appeals panel. But now it...

Implementing AI Bill of Materials (AI BOM) with SPDX 3.0: a Comprehensive Guide to Creating AI and Dataset Bill of Materials

A Software Bill of Materials SBOM is becoming an increasingly important tool in regulatory and technical spaces to introduce more transparency and security into a project's software supply chain. Artificial intelligence AI projects face unique challenges beyond the security of their software, and...

The vulnerability of registrars (self-checking devices) GX10, GX20, GP10, GP20, DX1000, DX2000, DX1000N, FX1000, DX1000T, DX2000T, CX1000, CX2000, R10000, and R20000, data collection systems, and data collection devices MW100 manufactured by Yokogawa lies in the possibility of initializing the authentication function with a default unsafe value, allowing unauthorized access to the device by intruders.

The vulnerability of the GX10, GX20, GP10, GP20, DX1000, DX2000, DX1000N, FX1000, DX1000T, DX2000T, CX1000, CX2000, R10000, and R20000 registrators, as well as the GM data collection systems and MW100 data collection devices manufactured by Yokogawa, is related to the possibility of initializing...