7133 matches found
CVE-2024-44210
CVE-2024-44210 is a macOS Sequoia vulnerability affecting StorageKit where an app may be able to access user-sensitive data due to insufficient permissions checks. The issue is fixed in macOS Sequoia 15.1. Affected product context from connected docs confirms the CVE is addressed by an OS update;...
CVE-2024-44210
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data...
Apple macOS security vulnerabilities
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe prior to 26.1 contained a security vulnerability caused by a log-related issue, which could allow applications access to sensitive user data...
PT-2026-3267
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
Chamilo LMS security vulnerabilities
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Version 1.11.2 of Chamilo LMS contains a security vulnerability. This vulnerability stems from insufficient...
WeGIA Cross-Site Scripting Vulnerabilities
WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.2 contained a cross-site scripting vulnerability. This vulnerability occurred because the user-controlled data was not sanitized before the html/atendido/cadastroocorrencia.php endpoint...
WeGIA Cross-Site Scripting Vulnerabilities
WeGIA is a web manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the user-controlled data was not sanitized before rendering the...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003075)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003075 advisory. An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with...
CVE-2026-22240
The CVE-2026-22240 entry describes a vulnerability in BLUVOYIX (Bluspark) caused by improper password storage, exposing plaintext passwords via unauthenticated user APIs. An unauthenticated remote attacker could retrieve all user passwords by sending crafted HTTP requests to the vulnerable API, e...
CVE-2025-65784
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request...
CVE-2025-41078
Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the...
CVE-2025-41077
IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality ...
CVE-2025-65784
Hubert Hub v2.0.1.27.3 (Hubert Imoveis e Administracao Ltda) has an insecure permissions issue that lets authenticated users with low privileges retrieve other users’ information through a crafted API request. Impact: confidentiality of data. Root cause: improper access controls on API endpoints....
PT-2026-2470
A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response along with Access-Control-Allow-Credentials: true. This permits malicious third-party websites to perform authenticat...
PT-2026-2445
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...
Hubert Hub security vulnerability
Hubert Hub is a digital management platform from Hubert Brazil. A security vulnerability exists in Hubert Hub v2.0 version 1.27.3, which stems from insecure permissions and could lead to an authenticated, low-privileged attacker requesting access to other user information via a specially crafted...
CVE-2025-55462
A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response along with Access-Control-Allow-Credentials: true. This permits malicious third-party websites to perform authenticat...
Received an Instagram password reset email? Here’s what you need to know
Last week, many Instagram users began receiving unsolicited emails from the platform that warned about a password reset request. The message said: “Hi username, We got a request to reset your Instagram password. If you ignore this message, your password will not be changed. If you didn’t request ...