44 matches found
CVE-2026-9185
The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...
BIT-MODSECURITY2-2026-42268 ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...
CVE-2026-42268 ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...
CVE-2026-42268
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...
CVE-2026-42268
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...
3 easy-to-miss cybersecurity risks for small businesses
There’s a lot to security that isn’t necessarily “cyber.” It’s not all hackers or complex network attacks. Alongside traditional cyberattacks that deploy malware or exploit known software vulnerabilities, there are also less technical—yet equally devastating—forms of theft. This doesn’t mean that...
EUVD-2018-9242
Malware in sbrugna...
EUVD-2021-18938
Malware in sbrugna...
Ransomware attack at blood center: Org tells users their data’s been stolen
A blood center has begun sending data breach notifications to its users after suffering a ransomware attack and theft of personal data. The New York Blood Center’s NYBC suffered the ransomware attack in January, in which an unauthorized party gained access to its network and acquired copies of a...
CVE-2021-32077
Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number SSN values via a brute-force attack on a sometimes hidden search field, because the last four SSN digits are part of the supported combination of search...
No, not every Social Security number in the U.S. was stolen
My current least favorite thing about the churn of social media that Ive seen over the past week is waves of stories, posts and videos saying that every U.S. citizens Social Security number has been stolen or potentially viewed by a threat actor. The claim comes from a class action lawsuit filed ...
A week in security (April 8 – April 14)
Last week on Malwarebytes Labs: How to change your Social Security Number Apple warns people of mercenary attacks via threat notification system How to check if your data was exposed in the AT&T breach Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities H...
U.S. Dept Of Defense: Exposure of Private Personal Information to an Unauthorized Actor - PII and soldier data (mos, schools, and speciality training)
The vulnerability exposed private personal information of soldiers, including their last four digits of Social Security number, home of record, military occupation specialty, and school records, to unauthorized users on the https://█████████/SelfService/home/selfservice website. The vulnerability...
VerityStream MSOW Solutions Information Disclosure Vulnerability
VerityStream MSOW Solutions is an application from VerityStream, Inc. A medical system. An information disclosure vulnerability exists in Primary Source Verification in VerityStream MSOW Solutions versions prior to 3.1.1, which can be exploited by an attacker to discover the Social Security Numbe...
CVE-2021-32077
Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number SSN values via a brute-force attack on a sometimes hidden search field, because the last four SSN digits are part of the supported combination of search...
Design/Logic Flaw
Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number SSN values via a brute-force attack on a sometimes hidden search field, because the last four SSN digits are part of the supported combination of search...
CVE-2021-32077
CVE-2021-32077 – VerityStream MSOW Solutions : A information disclosure vulnerability affects versions prior to 3.1.1, allowing an anonymous user to brute-force a (sometimes hidden) search field where the last four SSN digits are included in the supported selectors. This enables disclosure of doc...
VerityStream MSOW Solutions 安全漏洞
VerityStream MSOW Solutions is an application from VerityStream, Inc. A medical system. An information disclosure vulnerability exists in Primary Source Verification in VerityStream MSOW Solutions versions prior to 3.1.1, which can be exploited by an attacker to discover the Social Security Numbe...
Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State
The Office of the Washington State Auditor SAO on Monday said it's investigating a security incident that resulted in the compromise of personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. The SAO blamed the breach on a software vulnerabilit...
Vermont Taxpayers Warned of Data Leak Over the Past Three Years
The Vermont Department of Taxes may have been exposing taxpayer data that could be used in credential scams for more than three years due to a vulnerability in its online tax filing system. A notice PDF posted on the department’s website warned taxpayers who filed a Property Transfer Tax return...