SAP NetWeaver AS Access Control Error Vulnerability
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. An Access Control Error vulnerability exists in the Java-based SAP NetWeaver AS version 7.50, which stems from improper access control, and can be...
PT-2022-22999 · Miele · Appwash Mobileapp
Name of the Vulnerable Software and Affected Versions: Miele AppWash MobileApp (affected versions not specified). Description: The issue concerns an API endpoint used by Miele's AppWash MobileApp, which was vulnerable to an authorization bypass. A low-privileged, remote attacker could gain read and...
New TikTok Privacy Policy Confirms Chinese Staff Can Access European Users' Data
Popular short-form video-sharing service TikTok is revising its privacy policy for European users to make it explicitly clear that user data can be accessed by some employees from across the world, including China. The ByteDance-owned platform, which currently stores European user data in the U.S...
Exploit for CVE-2022-27414
CVE-2022-27414 - SQL-Injection College Website CMS v1.0 - CVE-...
Pligg CMS SQL Injection Vulnerability
Pligg CMS is a content management system by Berteh Personal Developers. A security vulnerability exists in Pligg CMS version v2.0.2, which stems from a security issue with the pagesize parameter in loaddatafortopusers.php...
CVE-2022-1361
The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other users' accounts and devices...
CVE-2022-23802
Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information remote. The component is: Access to private information and components, possibility to view other users' information. Information disclosure Access to private information and components,...
HumHub Security Vulnerability
HumHub is a set of open source social networking software written on the Yii PHP framework. HumHub has a security vulnerability that stems from the fact that users who are forced by administrators to change their passwords may be able to retrieve data from other users. No detailed vulnerability...
CVE-2022-22328
IBM Sterling Partner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another user's data. IBM X-Force ID: 218871...
Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018
The Irish Data Protection Commission (DPC) on Tuesday slapped Facebook and WhatsApp owner Meta Platforms a fine of €17 million ($18.6 million) for a series of security lapses that occurred in violation of the European Union's GDPR laws in the region. "The DPC found that Meta Platforms failed to have ...
SourceCodester Hospital Patient Records Management System Security Vulnerability
SourceCodester Hospital Patient Records Management System is a web-based application that provides an automated platform for hospitals to store and manage their patient records. SourceCodester Hospital Patient Records Management System version 1.0 contains a horizontal override vulnerability, whi...
Robinhood Data Breach – Hackers access millions of users’ data
By Waqas. Robinhood data breach involved a social engineering attack in which hackers somehow managed to gain access to the company's support system. This is a post from HackRead.com.
CVE-2020-29012
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID via other, hypothetic...
CVE-2020-26801
A stored cross-site scripting (XSS) vulnerability was discovered in /Forms/devicevars1 on TrippLite SU2200RTXL2Ua with firmware version 12.04.0055. This vulnerability allows authenticated attackers to obtain other users' information via a crafted POST request...
LabCup Authorization Issue Vulnerability
LabCup is a laboratory and research organization software management system from LabCup Ireland. It helps academic researchers and safety officers with chemical inventory management, risk assessment and compliance. An authorization issue vulnerability exists in LabCup, which arises from the abili...
VulnCheck KEV: CVE-2019-9880
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible for an unauthenticated attacker to retrieve all WordPress users' details, such as email address, role, and username...
Fashion marketplace giant 21 Buttons exposes millions of users’ data
By Sudais Asif. According to researchers, the misconfigured AWS bucket is still exposed and 21 Buttons has not responded to them. This is a post from HackRead.com.
Animal Jam data breach – Hacker leaks database with millions of accounts
By Waqas. The developer of famous online playground Animal Jam has suffered a data breach that exposed tens of millions of users' data. This is a post from HackRead.com.
CVE-2020-15263 XSS in platform
In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4...
Mail.ru: Users information leak at sbermarket.ru
The sbermarket.ru application could disclose personal information from another request due to invalid caching settings...