57 matches found
CVE-2026-34395 AVideo: Mass User PII Disclosure via Missing Authorization in YPTWallet users.json.php
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/YPTWallet/view/users.json.php endpoint returns all platform users with their personal information and wallet balances to any authenticated user. The endpoint checks User::isLogged but does not check User::isAdmin...
CVE-2026-34395
WWBN AVideo
CVE-2026-20675
CVE-2026-20675: Apple platforms including watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 / iPadOS 18.7.5, visionOS 26.3, iOS 26.3, and iPadOS 26.3 are affected. The issue involves processing a maliciously crafted image and is fixed by improved bo...
EUVD-2026-5579
DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...
BIT-MOODLE-2025-3625 Moodle: User DoS and name disclosure via IDOR in Moodle MFA email factor revoke action
A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA)...
Nagios XI security vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.1.2 that stems from the potential...
EUVD-2020-6428
Malware in sbrugna...
EUVD-2024-21071
Malicious code in bioql PyPI...
EUVD-2021-29605
Malicious code in bioql PyPI...
EUVD-2025-9320
Malicious code in bioql PyPI...
CVE-2025-41030 Multiple vulnerabilities in Deporsite by T-INNOVA
Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘/ajax/TInnovav2/IntegrantesRecursov21/llamadaAjax/buscarPersona’ using the ‘dni’ parameter...
CVE-2025-54791
CVE-2025-54791 concerns OMERO.web prior to 5.29.2, where an error during the Forgot Password flow could disclose user information in the web page. The issue is mitigated by upgrading to version 5.29.2 or higher. As a workaround, disabling the Forgot Password option via the omero.web.show_forgot_p...
CVE-2025-54791 OMERO.web displays unnecessary user information when requesting to reset the password
OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...
CVE-2025-50738
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be...
CVE-2021-42641
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users...
CVE-2020-27183
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact...
CVE-2020-13792
PlayTube 1.8 allows disclosure of user details via ajax.php?type=../admin-panel/autoload=manage-users directory traversal, aka local file inclusion...
CVE-2024-8009
The Sensei LMS WordPress plugin before 4.20.0 discloses all users of the blog, including their email addresses, to teachers on the students page...
PT-2024-31102 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.1; macOS versions prior to 14.7.1. Description: An out-of-bounds read issue was addressed with improved input validation. Parsing a file may lead to disclosure of user information. Recommendations: For macOS version...
OvalEdge security vulnerability
OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which originates from a GET request to /user/getUserList and can result ...