Lucene search

7133 matches found

Cvelist
added 2026/01/26 12:0 a.m. | 26 views

CVE-2025-70982

Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data...

EPSS 0.00296
Exploits: 1 | References: 3

CNNVD
added 2026/01/26 12:0 a.m. | 4 views

SpringBlade security vulnerabilities

SpringBlade is a microservices development platform developed by Blade China. Version 4.5.0 of SpringBlade contains a security vulnerability. This vulnerability stems from improper access control in the importUser function, which may allow arbitrary import of sensitive user data...

CVSS 9.9 | AI score 5.9 | EPSS 0.00296
Exploits: 1 | References: 3

ATTACKERKB
added 2026/01/26 12:0 a.m. | 1 view

CVE-2025-70982

Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data...

CVSS 9.9 | AI score 5.9 | EPSS 0.00296
Exploits: 1 | References: 4

Positive Technologies
added 2026/01/26 12:0 a.m. | 4 views

PT-2026-4774

Name of the Vulnerable Software and Affected Versions: SpringBlade version 4.5.0. Description: A flaw exists in the importUser function that allows attackers with limited privileges to import sensitive user data without proper authorization. The issue is due to incorrect access control...

CVSS 9.9 | AI score 5.9 | EPSS 0.00296
Exploits: 1 | References: 8

Cvelist
added 2026/01/23 7:46 a.m. | 28 views

CVE-2026-24515

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data...

CVSS 2.9 | EPSS 0.00165
Exploits: 0 | References: 1

CVE
added 2026/01/23 7:46 a.m. | 123 views

CVE-2026-24515

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. This vulnerability (CVE-2026-24515) is reflected across multiple advisories/plugins; remediation is to update expat to a version 2.7.4 or newer where the issue is fixed.

CVSS 2.9 | AI score 5.4 | EPSS 0.00165
Exploits: 0 | References: 2 | Affected Software: 1

AlpineLinux
added 2026/01/23 7:46 a.m. | 4 views

CVE-2026-24515

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data...

CVSS 2.9 | AI score 5.3 | EPSS 0.00165
Exploits: 0

CNNVD
added 2026/01/23 12:0 a.m. | 4 views

MetaGPT code issues and vulnerabilities

MetaGPT is a multi-agent framework developed by MetaGPT Inc. There are code issues and vulnerabilities in MetaGPT; these vulnerabilities stem from the deserialize_message function’s lack of verification of the data provided by users, which may lead to the deserialization of untrusted data and remo...

CVSS 9.8 | AI score 7.6 | EPSS 0.00993
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/23 12:0 a.m. | 3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004875)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004875 advisory. In the Linux kernel, the following vulnerability has been resolved: kcm: fix strp_init order and cleanup. strp_init is called just a few lines above this csk->sk_user_data...

CVSS 5.5 | AI score 7 | EPSS 0.00216
Exploits: 0 | References: 4

HackRead
added 2026/01/20 1:30 p.m. | 6 views

Hackathon Projects Show AI Wellness Apps Can Leak Sensitive User Info

As emotional computing applications proliferate, the security threats they face require frameworks beyond traditional approaches...

AI score 5.4
Exploits: 0

CVE
added 2026/01/20 3:25 a.m. | 16 views

CVE-2025-14798

CVE-2025-14798: LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthenticated Sensitive Information Disclosure via REST API (via get_item_permissions_check). Affected versions: up to 4.3.2.4. Impact per sources: exposure of user first/last names, social profile links, enrollme...

CVSS 5.3 | AI score 5.5 | EPSS 0.00246
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/20 3:25 a.m. | 4 views

CVE-2025-14798 LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the get_item_permissions_check function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and las...

CVSS 5.3 | AI score 5.5 | EPSS 0.00246
Exploits: 0 | References: 3

Cvelist
added 2026/01/20 3:25 a.m. | 19 views

CVE-2025-14798 LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the get_item_permissions_check function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and las...

CVSS 5.3 | EPSS 0.00246
Exploits: 0 | References: 3

Patchstack
added 2026/01/19 9:54 p.m. | 6 views

WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability

WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability discovered by Andrea Bocchetti in WordPress Plugin LearnPress versions <= 4.3.2.4...

CVSS 5.3 | AI score 5.5 | EPSS 0.00246
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/01/17 5:19 p.m. | 7 views

CVE-2024-44210

This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data...

CVSS 3.3 | AI score 6.1 | EPSS 0.0016
Exploits: 0 | References: 1

OSV
added 2026/01/16 6:16 p.m. | 5 views

CVE-2025-43508

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

CVSS 5.5 | AI score 5.7 | EPSS 0.00147
Exploits: 0 | References: 1

NVD
added 2026/01/16 6:16 p.m. | 7 views

CVE-2025-43508

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

CVSS 5.5 | EPSS 0.00147
Exploits: 0 | References: 1

OSV
added 2026/01/16 6:16 p.m. | 3 views

CVE-2024-44210

This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data...

CVSS 3.3 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 1

NVD
added 2026/01/16 6:16 p.m. | 4 views

CVE-2024-44210

This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data...

CVSS 3.3 | EPSS 0.0016
Exploits: 0 | References: 1

CVE
added 2026/01/16 5:6 p.m. | 12 views

CVE-2025-43508

CVE-2025-43508 affects macOS Tahoe 26.1 where a logging issue allowed potential access to sensitive user data due to insufficient data redaction. The root cause is improper logging of sensitive information, which has been addressed with improved data redaction. The vulnerability is mitigated by t...

CVSS 5.5 | AI score 5.6 | EPSS 0.00147
Exploits: 0 | References: 1 | Affected Software: 1