15 matches found
CVE-2026-31689
The CVE-2026-31689 issue affects the Linux kernel EDAC/mc path: edac_mc_alloc() may call put_device() during an error path before device_init completes, causing a kobject initialization/cleanup hazard and in-kernel MCE decoding symptoms. The fix reorders the initialization so the device (and its ...
CVE-2024-47536
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0...
SUSE CVE-2023-53003
In the Linux kernel, the following vulnerability has been resolved: EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info. The memory for llcc_driv_data is allocated by the LLCC driver. But when it is passed as the private driver info to the EDAC core, it will get freed during the...
CVE-2024-49405
Improper authentication in Private Info in Samsung Pass prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario...
PT-2024-33516 · Samsung · Samsung Pass
Name of the Vulnerable Software and Affected Versions: Samsung Pass versions prior to 4.4.04.7 Description: The issue is related to improper authentication in the Private Info feature of Samsung Pass, allowing physical attackers to access sensitive information in a specific scenario...
Account Takeover
Description: A hacker can invite any user to a team and, with the bug I reported before, can accept the invitation ..... The hacker can add the user to a group to give them new permissions in the team ...... When the hacker visits the team, they can see private info for the victim and the hash password, many tokens and more...
in janeczku/calibre-web
✍️ Description A user can see the name of another user's private shelf through a forbidden error. 🕵️♂️ Proof of Concept 1. As user 1, try to add a book to a user 2's shelf: GET /shelf/add/2/2 2. See the returned error: Sorry you are not allowed to add a book to the the shelf: shelf test2 This is...
Facebook hidden profile data disclosure Exploit
This lets you gather a bunch of information, even if it is private. phone number, email, ip-address, birthday, etc. Material can automatically collect data and save, possible to connect a proxy list...
Harvest: Extracting private info of estimates.
Hey there, So when someone creates a new estimate for a client it is not accessible to anyone except the admin and the person with the private URL of the web invoice. Now there is an option to convert estimate into invoice through https://amandhakertest.harvestapp.com/invoices/new?estimateid=IDHE...
Danish Government database of 1,000,000 companies private info leaked by #Antisec
Danish Government database of 1,000,000 companies private info leaked by Antisec. Anonymous hackers uploaded a file to Torrent containing a snapshot of the Danish Government database of companies. The contents of the database are currently browsable on the cvr.dk website, but the database is not...
DeluxeBB 1.3 Information Disclosure
====================================================================== DeluxeBB new; $bro-agent"Mozilla/5.0 Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14 Gecko/20080404 Firefox/2.0.0.14"; $bro-defaultheader"Cookie" = "membercookie=$membercookie; memberpw=$memberpw; memberid=$memberid"; sub gener...
P2P Network Users Allow Access To Private Info
At ShmooCon, researchers thought it would be a hoot to take a look at some of the information people send out over peer-to-peer (P2P) networks. They were taken aback by what they found. Read the full article. Network World...
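Microsoft Windows 2000 Insecure Random Number Generator Information Disclosure Vulnerability
Security loophole in Windows 2000 exposes users' private info. Cryptanalysis of the Random Number Generator of the Windows Operating System. Microsoft Windows 2000 is a popular operating system. The random number generator included in Microsoft Windows 2000 contains a vulnerability that a local attacker can exploit to obtain sensitive information such as users' e-mail, passwords and credit card details. The problem lies in the CryptGenRandom function; this vulnerability can lead to local information disclosure but cannot be used for code execution attacks, nor can it be remotely...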
CVE-1999-0606
The CVE-1999-0606 entry concerns the EZMall 2000 shopping cart CGI program mall2000.cgi. The issue is described as an incorrect configuration that could disclose private information, affecting confidentiality (PARTIAL) with a CVSS v2 base score of 5.0 (Network, low attack complexity, no authentic...