24 matches found
CVE-2026-44374
A flaw was found in Backstage, an open framework for building developer portals. The system's unprocessed entity endpoints lack proper authorization checks. This allows any authenticated user to access sensitive entity records they should not have access to, leading to unauthorized information...
CVE-2026-34233
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without authorization checks, allowing any authenticated user to access sensitive administrative data that should be restricted to administrators onl...
PT-2026-42014
Name of the Vulnerable Software and Affected Versions: CtrlPanel versions prior to 1.2.0. Description: Multiple admin controllers expose DataTable endpoints that lack authorization checks. This allows any authenticated user, regardless of their assigned role, to access sensitive administrative data...
CVE-2026-2991 KiviCare – Clinic & Patient Management System (EHR) <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the patientSocialLogin function not verifying the social provider access token before authenticating a user. This makes it...
Invoicely Database Leak Exposes 180,000 Sensitive Records
Cybersecurity researcher Jeremiah Fowler discovered nearly 180,000 files, including PII and banking details, left exposed on an unprotected database linked to the Invoicely platform. Read about the identity theft and financial fraud risks for over 250,000 businesses worldwide...
EUVD-2022-33417
Malicious code in bioql PyPI...
EUVD-2023-24121
Malicious code in bioql PyPI...
Massive Data Leak at Texas Adoption Agency Exposes 1.1 Million Records
Texas adoption agency suffers major data leak, exposing over 1.1M sensitive records including case notes, contact info, and internal communications to public without any security authentication or password...
CVE-2022-28986
LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts...
Healthcare security lapses keep piling up
Healthcare is one of the sectors that has the most sensitive information about us. At the same time it's one of the worst at keeping it secret. Because of its access and storage of our personal health information (PHI) and other personally identifiable information (PII), the healthcare sector shoul...
Clinical Research Firm Exposes 1.6 Million US Medical Survey Records
A Dallas, Texas-based clinical research firm had its database exposed, containing sensitive personal healthcare records of over 1.6…...
Canadian Eyecare Firm Care1 Exposes 2.2TB of Patient Records
Another day, another healthcare database misconfiguration exposing sensitive patient information...
CVE-2024-50589
An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR)...
Microsoft Power Platform Terraform Provider Security Vulnerability
Microsoft Power Platform Terraform Provider is a power platform provider from Microsoft Corporation USA. A security vulnerability exists in Microsoft Power Platform Terraform Provider versions prior to 3.0.0 that stems from an error in the logging code that prevents sensitive records from being...
Spoofing
LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts...
CVE-2022-28986
The CVE-2022-28986 entry concerns LMS Doctor Simple 2 Factor Authentication Plugin for Moodle (affected: 2021072900). The vulnerability is an Insecure Direct Object Reference (IDOR) that could let an attacker remotely update sensitive records (email, password, phone number) of other user accounts...
CVE-2022-26665
An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records...
FOX News Exposed 13 Million Sensitive Records Online
By Waqas. The incident was caused due to database misconfiguration in which FOX News exposed around 58 GB worth of… This is a post from HackRead.com.
DreamHost hosting firm exposed almost a billion sensitive records
By Habiba Rashid. The database belonged to DreamHost's DreamPress managed WordPress hosting that was left exposed without any security authentication. This is a post from HackRead.com.