81 matches found
CVE-2023-51451
Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via...
SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks
Austin, USA / Texas, 7th May 2025, CyberNewsWire...
PT-2025-14050 · Unknown · Wpbean Our Team Members
Name of the Vulnerable Software and Affected Versions: WPBean Our Team Members versions n/a through 2.2 Description: The issue is related to the exposure of sensitive system information to an unauthorized control sphere. This is a problem where sensitive information is made available to...
The vulnerability of Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter and Broadcom NetXtreme-E family Ethernet controllers is related to access control bugs, allowing attackers to gain access to protected information.
The vulnerability of the Broadcom P225p NetXtreme-E dual-port 10Gb/25Gb Ethernet PCIe adapter and Broadcom NetXtreme-E family Ethernet controllers is related to access control bugs. Exploiting this vulnerability can allow attackers to gain access to protected information...
Banking Malware Uses Live Numbers to Hijack OTPs, Targeting 50,000 Victims
A banking malware campaign using live phone numbers to redirect SMS messages has been identified by the zLabs research team, uncovering 1,000+ malicious apps and 2.5GB of exposed data...
CVE-2020-14496
Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information ...
CVE-2024-48846
Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...
PT-2024-9197 · Abb · Abb Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ABB ASPECT Enterprise version 3.08.02 ABB NEXUS Series version 3.08.02 ABB MATRIX Series version 3.08.02 Description: The issue is related to the use of files and directories that are accessible to external parties, potentially allowing a...
CVE-2024-53253 Sentry's improper error handling leaks Application Integration Client Secret
Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...
US and UK Military Social Network “Forces Penpals” Exposes SSN, PII Data
Forces Penpals, a social network for US and UK military personnel, exposed the sensitive data of 1.1M users,…...
Server Misconfiguration at Fuel Industry Software Provider Exposes SSNs, PII Data
A server misconfiguration exposed a trove of documents belonging to FleetPanda, a leading petroleum and fuel industry software…...
The vulnerability of the IBM i operating system, related to the exposure of protected information, allows attackers to enhance their privileges.
The vulnerability of the IBM i operating system is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
PT-2024-5575 · Pimcore · Pimcore Admin Classic Bundle
Name of the Vulnerable Software and Affected Versions: Pimcore Admin Classic Bundle versions prior to 1.3.10 Pimcore Admin Classic Bundle versions prior to 1.4.6 Pimcore Admin Classic Bundle versions prior to 1.5.2 Description: Navigating to "/admin/index/statistics" with a logged in Pimcore user...
WordPress plugin Otter Blocks PRO security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Data Leak Exposes Business Leaders and Top Celebrity Data
A data leak incident involving Clarity.fm left the personal data of business leaders and celebrities exposed to public…...
Notorious data leak site BreachForums seized by law enforcement
BreachForums—probably the largest dark web marketplace for stolen data to be leaked and sold—has been seized by law enforcement. Now, both the regular and the TOR domain of BreachForums are plastered with a message telling visitors the site is now under control of the FBI. The FBI said BreachForu...
CVE-2023-38267
IBM Security Access Manager Appliance IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584...
PT-2023-15420 · Unknown · Popup Maker
Name of the Vulnerable Software and Affected Versions: Popup Maker – Popup for opt-ins, lead gen, & more versions 1.17.1 and earlier Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This can potentially lead to unauthorized access to confidentia...
CVE-2023-48185
Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request...
QNAP QTS / QuTS hero Path Traversal (QSA-23-42)
The version of QNAP QTS / QuTS hero installed on the remote host is affected by a vulnerability as referenced in the QSA-23-42 advisory. A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the...