CVE-2026-45679
CVE-2026-45679 affects OpenTelemetry eBPF Instrumentation (OBI). Prior to version 0.9.0, OBI exports raw Redis error text as the span status message, causing Redis error replies to be exposed in telemetry backends. This can leak attacker-controlled or sensitive data (tokens, PII, etc.) into downs...
CVE-2026-37978
A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information (PII) leakage,...
CVE-2026-27892 FacturaScripts: Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download
FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC metadata. Any authenticated user who downloaded an image could extract the uploader's embedded metadat...
PIIGuard: Mitigating PII Harvesting under Adversarial Sanitization
Browsing-enabled LLM assistants can fetch webpages and answer contact-seeking queries, creating a practical channel for scraping contact-style personally identifiable information (PII) from public pages. Many prior defenses are deployed at the model, service, or agent layer rather than at the webpa...
VisualLeakBench: Auditing the Fragility of Large Vision-Language Models against PII Leakage and Social Engineering
As Large Vision-Language Models (LVLMs) are increasingly deployed in agent-integrated workflows and other deployment-relevant settings, their robustness against semantic visual attacks remains under-evaluated -- alignment is typically tested on explicit harmful content rather than privacy-critical...
HackerOne: Possible PII Disclosure via Advanced Vetting Process - ██████
Possible PII disclosure was identified in the HackerOne Advanced Vetting process. Unauthorized users were able to download a CSV file containing the names, usernames, and other personal details of users who had accepted the Advanced Vetting terms. The issue was observed in a sandboxed program, bu...
Unmasking the Dark Side of Low-Code/No-Code Applications
Low-code/no-code (LCNC) and robotic process automation (RPA) have gained immense popularity, but how secure are they? Is your security team paying enough attention in an era of rapid digital transformation, where business users are empowered to create applications swiftly using platforms like Microso...
MTN Group: IDOR at mtnmobad.mtnbusiness.com.ng leads to PII leakage.
The IDOR vulnerability at mtnmobad.mtnbusiness.com.ng allowed the personal information of users, such as their phone numbers and account details, to be accessed by an attacker who knew the user's email address. The vulnerable request was a POST to the /app/getUserNotes endpoint, which accepted th...
U.S. Dept Of Defense: Authorization bypass -> IDOR -> PII Leakage
Hi team! During testing ████ I found a JavaScript file containing administrative panel functionality. It is accessible at: https://████/█████████ In this file I found an endpoint responsible for returning data about applications of the website users to the website administrators. The returned data...
Acronis: Blind Stored XSS in https://partners.acronis.com/admin which led to sensitive information/PII leakage
Blind XSS was possible on partners.acronis.com Tier 3 via several contact form fields. We have seen no signs of the exploitation of this vulnerability...
U.S. Dept Of Defense: PII Leak of USCG Designated Examiner List at https://www.███
Hello DoD Team, Summary: PII leakage of approx. 750 personnel is being disclosed through the PDF at https://www.██████ which had been uploaded on the 7th of October; this includes personal phone numbers and email addresses. Description: The list presented in the "dereport.pdf" contains personal info...
U.S. Dept Of Defense: PII Leak (such as CAC User ID) at https://████████/pages/login.aspx
Summary: An attacker can create an account on https://█████/pages/login.aspx and gain access to a wealth of PII for practically every member that is registered on the website. This information that the attacker has access to includes usernames, CAC User IDs, e-mail addresses, telephone numbers,...
U.S. Dept Of Defense: SSN is exposed on slides, previous critical report was not fixed in an appropriate way
Summary: SSN is exposed on slides, previous critical report was not fixed in an appropriate way Description: 1. SSN is exposed on a screenshot. Slide 13. SSN is covered by an olive/green rectangle which is movable. The image itself was not updated. ██████wp-content/uploads/2018/12/████████ 2...
U.S. Dept Of Defense: Improper Access Controls Allow PII Leak via ████
Summary: Dashboards in ██████████ allow a user to add widgets and obtain large amounts of information to include PII and diagnostic information. Additionally, a user is able to make changes to certain catalogs via these widgets. Description: Impact An adversary can gain access to PII to include...
U.S. Dept Of Defense: PII leakage due to screenshot of health records
Summary: Document shows a screenshot of a medical record for a soldier Description: One of the slides describes the CIV and PAD DSN along with some information relating to the soldier such as their name; the information appears to be old but could still be an issue if they're in service Impact...
U.S. Dept Of Defense: PII leakage-Full SSN on ███
Summary: I discovered a pdf file on ████████ that outlines various information corresponding to military members. It reveals information on date of birth, where they were born, marriage status, race, children/dependents, etc Description: I discovered what looks to be an internal file that outline...
U.S. Dept Of Defense: Partial PII leakage due to public set gitlab
Summary: ████████ allows you to explore the repos, snippets, etc. On the snippets we find a name+icon and some code information. This shouldn't be publicly exposed as an attacker may use it to perform further attacks Description: A configuration issue allows code and the name+icon of a user on the...
U.S. Dept Of Defense: PII leakage due to caching of Order/Contract ID's on █████████
Summary: I was able to discover contract numbers which leak out user names/emails/phone numbers and other sensitive information. I took the time to assure that these contract IDs wouldn't/shouldn't be easily guessable or known. Description: I discovered through a Google search query that I was able t...