CVE-2025-1383 Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajaxtranscriptdelete function. This makes it possible for unauthenticated attackers to delete...

CVE-2025-1383 Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajaxtranscriptdelete function. This makes it possible for unauthenticated attackers to delete...

SUSE CVE-2020-1777

Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions...

CVE-2021-1544

A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe logging of application actions. An attacker could exploit this vulnerability by logging onto the...

Cisco Webex meeting客户端软件日志机制 信息泄露漏洞

Cisco Webex Meetings is a video conferencing solution from Cisco. An information disclosure vulnerability exists in the logging mechanism of the Cisco Webex meeting client software, which can be exploited by an authenticated, local attacker to gain access to sensitive information. The vulnerabili...

CVE-2020-1777

Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions...

Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts

UPDATE Broadvoice, a well-known VoIP provider that serves small- and medium-sized businesses, has leaked more than 350 million customer records related to the company’s “b-hive” cloud-based communications suite. The data includes hundreds of thousands of voicemail transcripts, many involving...

Apple Changes the Way It Listens to Your Siri Recordings Following Privacy Concerns

Apple today announced some major changes to its controversial 'Siri audio grading program' following criticism for employing humans to listen to audio recordings of users collected via its voice-controlled Siri personal assistant without their knowledge or consent. The move came a month after The...

Facebook's Voice Transcripts Were More Invasive Than Amazon's

The Capital One hacker, a Bluetooth vulnerability, and more of the week's top security news...

Amazon Admits Alexa Voice Recordings Saved Indefinitely

Amazon has acknowledged that it retains the voice recordings and transcripts of customers’ interactions with its Alexa voice assistant indefinitely. The admission raises questions about how long companies should be able to save highly-personal data collected from voice assistant devices. After U....

CVE-2018-11567

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still...

CVE-2018-11567

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still...

Design/Logic Flaw

DISPUTED Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the us...

PT-2018-10673 · Amazon · Alexa +1

Name of the Vulnerable Software and Affected Versions: Amazon Echo devices affected versions not specified Description: The reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill, allowing an attacker to obtain transcripts of speech not intended for Alexa to process. Thi...

Amazon Alexa Has Got Some Serious Skills—Spying On Users!

"Alexa, are you spying on me?" — aaaa.....mmmm.....hmmm.....maybe!!! Security researchers have developed a new malicious 'skill' for Amazon's popular voice assistant Alexa that can turn your Amazon Echo into a full-fledged spying device. Amazon Echo is an always-listening voice-activated smart ho...

YamaTough Hacker Demanded $50,000 for not releasing Stolen Symantec Source Code

YamaTough Hacker Demanded $50,000 for not releasing Stolen Symantec Source Code According to email transcripts posted to Pastebin yesterday, and confirmed by the company, a group of hackers attempted to extort $50,000 from Symantec in exchange for not releasing its stolen PCAnywhere and Norton...

CVE-2006-6769

Multiple cross-site scripting XSS vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 searchstring parameter in a setup/transcripts.php, the 2 l parameter in b index.php, the 3 login field in c phplive/index.php, and the 4 deptid...