PT-2026-47531
Under certain conditions, when an unauthorized attacker accesses a specific endpoint, the SAP Business Objects application leaks sensitive information. This has a low impact on the confidentiality of the data. There is no impact on the integrity and availability of the application...
CVE-2026-45582
Affected software: n8n-MCP (MCP server). Before version 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters in telemetry data sent to the anonymous backend. This could expose values such as customer/tenant identifiers, short secrets in query strin...
CVE-2026-8679
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...
CVE-2026-27892 FacturaScripts: Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download
FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC metadata. Any authenticated user who downloaded an image could extract the uploader's embedded metadat...
CVE-2025-52469
Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint. The attacker can bypass the normal fl...
CVE-2026-27004
CVE-2026-27004 concerns OpenClaw, an open-source personal AI assistant. In versions prior to 2026.2.15, the issue arises in multi-user/shared-agent deployments where session tools (sessions_list, sessions_history, sessions_send) could expose transcript content across peer sessions due to insuffic...
Directus Vulnerable to User Enumeration via Password Reset Timing Attack
Summary A timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reseturl parameter is provided, the response time differs by approximately 500ms between existing and non-existing users, enabling reliable user enumeration. Details The password rese...
CVE-2025-13679 Tutor LMS <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with...
Vaping Is ‘Everywhere’ in Schools—Sparking a Bathroom Surveillance Boom
Schools in the US are installing vape-detection tech in bathrooms to thwart student nicotine and cannabis use. A new investigation reveals the impact of using spying to solve a problem...
Apple may have to open its walled garden to outside app stores
The UK’s Competition and Markets Authority (CMA) ruled that both Google and Apple have a "strategic market status." Basically, they have a monopoly over their respective mobile platforms. As a result, Apple may soon be required to allow rival app stores on iPhones, a major shift for the smartphone...
CVE-2025-42903
CVE-2025-42903 pertains to SAP Financial Service Claims Management via the RFC function ICL_USER_GET_NAME_AND_ADDRESS. The issue allows user enumeration and potential disclosure of personal data due to response discrepancies, with low confidentiality impact and no impact to integrity or availabil...
EUVD-2025-34091
gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information...
PT-2025-41823
Name of the Vulnerable Software and Affected Versions gpp-burgerportaal versions prior to 2.0.3 gpp-burgerportaal versions prior to 3.0.2 gpp-burgerportaal versions prior to 4.0.1 Description gpp-burgerportaal is a Dutch government citizen portal application. In affected versions, the name and...
EUVD-2017-2659
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2025-3628
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities. CVE-2025-3628 Note that...
CVE-2025-56254
CVE-2025-56254 affects PHPGurukul Employee Leave Management System 2.1 with an Insecure Direct Object Reference (IDOR) in the file leave-details.php . An authenticated user can alter the URL parameter leaveid to access leave application details of other users, exposing sensitive data. Multiple co...
CVE-2025-47171 Microsoft Outlook Remote Code Execution Vulnerability
...
CVE-2024-23329
changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint /api/v1/watch//history can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party...
Measuring the Accuracy and Effectiveness of PII Removal Services
This paper presents the first large-scale empirical study of commercial personally identifiable information (PII) removal systems, commercial services that claim to improve privacy by automating the removal of PII from data brokers' databases. Popular examples of such services include DeleteMe,...
Abusing with style: Leveraging cascading style sheets for evasion and tracking
Cisco Talos has identified actors abusing Cascading Style Sheets (CSS) to (1) evade spam filters and detection engines, and (2) track users' actions and preferences. This blog is a follow-up to our previous report on how threat actors could abuse CSS using a technique called "hidden text salting" to...