41 matches found
CVE-2026-48587
CVE-2026-48587 affects Django 5.2 before 5.2.15 and 6.0 before 6.0.6. The flaw in django.utils.cache.has_vary_header() does not strip leading/trailing whitespace from the Vary header before comparison, enabling remote attackers to read cached responses by requesting URLs whose responses contain w...
EUVD-2026-29267
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5 and iPadOS 26.5. An attacker with physical access may be able to use Visual Intelligence to access sensitive user data during iPhone Mirroring...
CVE-2026-28878
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps...
CVE-2026-20622
CVE-2026-20622 concerns a privacy issue in macOS where improved handling of temporary files could allow an app to capture a user’s screen. Concrete details across multiple sources show this impacts macOS Sequoia prior to 15.7.4 and macOS Tahoe prior to 26.3, with Apple’s advisory listing 15.7.4/2...
WordPress plugin wpForo Forum Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin wpForo Forum, which stem...
CVE-2026-20674
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information...
webkitgtk: track sensitive user information
A flaw was found in WebKitGTK, which exists due to a logic issue in WebKit related to a user's privacy. A remote attacker may be able to track sensitive user information...
CVE-2025-30428
This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Photos in the Hidden Photos Album may be viewed without authentication...
PT-2024-4835 · Apple · iOS +1
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 17.5; iPadOS versions prior to 17.5. Description: A privacy issue was addressed with improved client ID handling for alternative app marketplaces. The issue is related to the MarketplaceKit component and its lack of...
GHSA-6698-MHXX-R84G Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Summary: The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a...
CVE-2023-35675
In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User...
PT-2023-19024 · Apple · iOS +1
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.7.4; iOS versions prior to 16.4; iPadOS versions prior to 15.7.4; iPadOS versions prior to 16.4. Description: A privacy issue was addressed with improved private data redaction for log entries. An app may be able to acces...
Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools
Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that m...
The Privacy Flaw Threatening US Democracy
Without robust federal protections, the country's widespread mass surveillance systems could be used against citizens like never before...
Facebook Had Years to Fix Flaw That Leaked 500M Users’ Data
Software makers can’t catch every bug every time, but Facebook had ample warning about the privacy problems with its “contact import” feature...
UBUNTU-CVE-2021-20281
It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...
Design/Logic Flaw
Wire is an open-source collaboration platform. In Wire for iOS iPhone and iPad before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue because video is streamed to the...
keycloak: problem with privacy after user logout
A flaw was found in Keycloak. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section...