CVE-2026-37978
A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID (userId) parameter. This vulnerability allows for cross-role personally identifiable information (PII) leakage,...
PT-2026-6727
Name of the Vulnerable Software and Affected Versions: Spree versions prior to 4.10.3; Spree versions prior to 5.0.8; Spree versions prior to 5.1.10; Spree versions prior to 5.2.7; Spree versions prior to 5.3.2. Description: An IDOR vulnerability exists in Spree Commerce's guest checkout flow. This allo...
CVE-2025-14591
Summary (CVE-2025-14591) Delphix Continuous Compliance (version 2025.3.0 and later) has an issue related to End-of-Record (EOR) handling in delimited files after a recent fix for CR+LF handling. An incorrect EOR configuration can cause inaccurate parsing and may leave PII unmasked. Other connecte...
EUVD-2024-32767
Malicious code in bioql PyPI...
U.S. Dept Of Defense: IDOR leads to view other user Biographical details (Possible PII LEAK)
The researcher discovered an Insecure Direct Object Reference (IDOR) vulnerability in the www.██████████ domain. The vulnerability allowed a user to access other users' biographical details, leading to a potential Personally Identifiable Information (PII) leak. The vulnerable endpoints were located i...
ENTAB ERP 1.0 Information Disclosure
Exploit Title: ENTAB ERP 1.0 - Username PII leak Date: 17.05.2022 Exploit Author: Deb Prasad Banerjee Vendor Homepage: https://www.entab.in Version: Entab ERP 1.0 Tested on: Windows IIS CVE: CVE-2022-30076 Vulnerability Name: Broken Access control via Rate Limits Description: In the entab softwar...
ENTAB ERP 1.0 - Username PII leak Vulnerability
Exploit Title: ENTAB ERP 1.0 - Username PII leak Exploit Author: Deb Prasad Banerjee Vendor Homepage: https://www.entab.in Version: Entab ERP 1.0 Tested on: Windows IIS CVE: CVE-2022-30076 Vulnerability Name: Broken Access control via Rate Limits Description: In the entab software in...
ENTAB ERP 1.0 - Username PII leak
Exploit Title: ENTAB ERP 1.0 - Username PII leak Date: 17.05.2022 Exploit Author: Deb Prasad Banerjee Vendor Homepage: https://www.entab.in Version: Entab ERP 1.0 Tested on: Windows IIS CVE: CVE-2022-30076 Vulnerability Name: Broken Access control via Rate Limits Description: In the entab softwar...
Topcoder: IDOR at https://fast.trychameleon.com/observe/v2/profiles/ via uid parameter discloses users' PII data
Summary: Hello, an API on apps.topcoder.com/forums/ exposes the email of any user on topcoder.com and some PII (name, surname, id). Steps To Reproduce: 1. Create a profile at topcoder.com 2. Go to apps.topcoder.com/forums and log in to the forum 3. Enter any topic, example:...
U.S. Dept Of Defense: PII Leak of ████████ Personnel at https://www.█████████
Hello DoD Team, Summary: PII Leakage of approx. 1000 personnel is being disclosed through the PDF at https://www.████████ which had been uploaded on the 7th of October; this includes personal phone number and email address. Description: The list presented at the "████████" contains personal info suc...
LY Corporation: CORS misconfiguration leads to users information disclosure at https://studyroom.line.me
Due to the CORS (Cross-Origin Resource Sharing) misconfiguration in the StudyRoom API server, SOP (Same Origin Policy) can be bypassed, and the API that retrieves one's profile information was returning more personal information than necessary. Combining the issues allows an attacker to obtain user...
U.S. Dept Of Defense: PII Leak via /██████
Summary: An attacker is able to access ServiceNow e-mail notification modules via █████/██████████. Once on this page, the attacker can click any of the notifications, select Preview Notification, and choose a user to view their profile data to include Full Name, rank, organization, e-mail addres...
U.S. Dept Of Defense: PII Leak via /███████
Summary: The ██████████ website allows access to PII of all site users via faulty access control to the /██████ endpoint. Step-by-step Reproduction Instructions: 1. Browse to ████████ and log in or create an account. 2. Browse to ███████/████████. You will be able to access PII of all site users...
U.S. Dept Of Defense: Support incident can be opened for any user via /███████ and PII leak via █████████ field
Summary: A malicious user can open an incident for any user via the ████/████████ page. This would allow the attacker to trick the victim into taking actions such as clicking a link or opening a file that has been attached to the incident. Impact A victim could be tricked into visiting a link,...