PT-2026-27232

Security Advisory — Page Content Retrieval Improper Authorization Summary An improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1...

CVE-2026-24422

phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list endpoint calls Question::getAll with showAll=true by default, returning...

EUVD-2018-1384

Malware in sbrugna...

CVE-2023-34090

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections e.g., public meetings. By default,...

PT-2021-11799 · Helmholz +1 · Myrex24.Virtual +2

Name of the Vulnerable Software and Affected Versions: MB connect line mymbCONNECT24 versions through v2.11.2 mbCONNECT24 versions through v2.11.2 Helmholz myREX24 versions through v2.11.2 Helmholz myREX24.virtual versions through v2.11.2 Description: An issue allows an authenticated attacker to...

Nextcloud: Directory listing is enabled that exposes non public data through multiple path

Directory Listing is enabled on https://try.nextcloud.com and it shows out a few files on the server + The server version. POC: https://try.nextcloud.com/assets/ https://try.nextcloud.com/css/ https://try.nextcloud.com/js/ Impact This could leak sensitive information on the server and it also...

CVE-2018-0567

Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors...

Authentication flaw

Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors...

CVE-2018-0567

Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors...

CVE-2018-0567

Cybozu Office 10.0.0 to 10.8.0 is affected by CVE-2018-0567, an operation restriction bypass that allows a user (authenticated) to access and write data before it becomes public. The issue is documented across multiple sources (e.g., JVN/CNVD/OpenVAS/NVD) and is classified with a CVSS v3 base sco...

libreport: Possible private data leak in Bugzilla bugs opened by ABRT

It was found that ABRT may have exposed non-public information to Red Hat Bugzilla during crash reporting. A bug in the libreport library caused changes made by a user in files included in a crash report to be discarded. As a result, Red Hat Bugzilla attachments may contain data that was not...

Iran Acknowledges Hack Of Oil Ministry

The Iranian Oil Ministry has acknowledged that a virus outbreak has compromised servers and Web sites used by the Ministry, but denies that any non-public data was exposed. The notice, which was posted on the Web site for the Oil Ministry on Monday, quotes a Ministry of Petroleum spokesman as...