845 matches found
CVE-2026-42797
Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...
EUVD-2026-30494
Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain...
CVE-2026-28830
A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data...
CVE-2026-43659
A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data...
CVE-2026-28830
A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data...
CVE-2026-43659
CVE-2026-43659 is a race condition in the Apple FileProvider component. The issue could allow an app to access sensitive user data and was mitigated by added validation. Apple fixed it in multiple platforms: iOS 18.7.9 / iPadOS 18.7.9; iOS 26.5 / iPadOS 26.5; macOS Sequoia 15.7.7; macOS Sonoma 14...
CVE-2026-20696
Technical details beyond the high-level description for CVE-2026-20696 are not publicly available in the provided documents. The material confirms an authorization/state-management issue fixed in macOS Tahoe 26.4 affecting an app’s access to user data. Monitor for updates.
CVE-2026-20696
An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data...
CVE-2026-28964
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data...
CVE-2026-28830
A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data...
CVE-2026-28830
CVE-2026-28830 describes a race condition resolved by additional input validation. Multiple connected sources (NVD, EUVD-2026-29216, CVE listings, and vulnerability enrichment) indicate the issue is fixed in macOS Tahoe 26.4 and that an app could potentially access sensitive user data. The availa...
PT-2026-39759
A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe prior to 26.4 contained a security vulnerability caused by a race condition issue, which could allow applications to access sensitive user data...
PHPGurukul Apartment Visitors Management System 安全漏洞
PHPGurukul Apartment Visitors Management System is an apartment visitor management system developed by PHPGurukul Corporation. Version V1.1 of the PHPGurukul Apartment Visitors Management System contains a security vulnerability. This vulnerability stems from an SQL injection issue with the email...
CVE-2026-35543
A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted email that includes Scalable Vector Graphics SVG content with animation attributes. This vulnerability may lead to unauthorized information disclosure or an...
CVE-2025-71280
XenForo before 2.3.7 is affected by an information-disclosure vulnerability where local account pages could be cached on shared systems, exposing sensitive user data to other local users. The root cause is local page caching on multi-user machines. Impact is exposure of user information; CVSS met...
Missing Authorization
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization in the users.json.php process. An attacker can access sensitive personal and financial information of all users by sending authenticated...
Unspecified Vulnerability in Apple macOS (CNVD-2026-19034)
Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS has a security vulnerability that stems from a logging issue that can be exploited by an attacker to cause an application to access sensitive user data...
Unspecified vulnerability in Apple macOS Tahoe (CNVD-2026-19040)
Apple macOS Tahoe is an operating system from the American company Apple. Apple macOS Tahoe contains a security vulnerability that can be exploited by attackers to cause an application to access sensitive user data...
CVE-2026-33882 Statamic's Markdown preview endpoint exposes sensitive user data
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the markdown preview endpoint could be manipulated to return augmented data from arbitrary fieldtypes. With the users fieldtype specifically, an authenticated control panel user could retriev...