CVE-2026-56242
Technical details beyond the provided description are not publicly available in the supplied documents. Monitor for updates for vulnerability specifics, affected versions, impact, and remediations.
EUVD-2026-38167
Capgo before 12.128.2 contains an unauthenticated SECURITY DEFINER RPC function, getidentityapikeyonly, that returns the owning user id for a supplied API key, creating an API-key validity oracle and a user identity disclosure primitive. Attackers can call this endpoint with valid or invalid API keys t...
CVE-2026-42083
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the PCF Npcf_SMPolicyControl service is missing its authentication middleware, which allows unauthenticated access to the SM policy handlers and disclosure of the subscriber SUPI. In NewServer, the smPolicyGroup route group is created and routes are...
EUVD-2026-14543
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an IDOR vulnerability in which the user.detail endpoint leaks the superadmin token. This issue has been patched in version 1.8.4...
CVE-2026-27017
A flaw was found in uTLS. When using GREASE Encrypted ClientHello (ECH), uTLS versions 1.6.0 through 1.8.0 may exhibit a fingerprint mismatch with Chrome. This occurs due to an inconsistent selection of cipher suites between the outer ClientHello and the ECH, potentially allowing a remote observer ...
CVE-2026-1436
Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other users' profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be listed and sensitive...
ICE Agents Are ‘Doxing’ Themselves
The alleged risks of being publicly identified have not stopped DHS and ICE employees from creating profiles on LinkedIn, even as Kristi Noem threatens to treat revealing agents’ identities as a crime...
EUVD-2022-51063
Malicious code in bioql PyPI...
CVE-2022-48364
The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive...
Moodle Information Disclosure Vulnerability
Moodle is an open-source, free e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from the fact that anonymous assignment submissions can...
BIT-MASTODON-2022-48364
The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive...
Design/Logic Flaw
The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive...
CVE-2022-48364
Summary: CVE-2022-48364 affects Mastodon 3.5.x before 3.5.3. The vulnerability resides in the undo_mark_statuses_as_sensitive method of app/services/approve_appeal_service.rb, which does not use the server’s representative account, causing moderator identity disclosure when a moderator approves a...
A vulnerability in the Jenkins Repository Connector Plugin, related to deficiencies in the authentication process, allows attackers to disclose information about user identities.
The vulnerability in the Jenkins Repository Connector Plugin is related to deficiencies in the authentication process. Exploiting it could allow a malicious actor to obtain information about user identities remotely...
Recovering Real Faces from Face-Generation ML System
New paper: "This Person (Probably) Exists. Identity Membership Attacks Against GAN Generated Faces." Abstract: Recently, generative adversarial networks (GANs) have achieved stunning realism, fooling even human observers. Indeed, the popular tongue-in-cheek website http://thispersondoesnotexist.com,...
Bumble: Ability to collect users' ids that have visited a specific web page with malicious code
Hey, regarding this report 130453, I'm pretty sure that there's a little misunderstanding of the issue, so please let me clarify the issue a bit more. The issue is not about the disclosure of the user's id; that wouldn't be considered an issue at all because every website puts the user's id in the...