74 matches found
CVE-2025-43916
Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirecturi containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have...
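The advisory above turns on a detail of URI syntax: the authority component may carry userinfo (`user@host`), so a prefix check against the registered origin sees the expected host string while a browser delivers the code to whatever follows the `@`. The following is an added example, not Sonos code; the registered callback URI and hostnames are constructed for illustration.

```python
"""Added example (not Sonos code): what a redirect_uri with userinfo in its
authority does to a prefix-based allow-list check, and a strict replacement."""
from typing import Optional
from urllib.parse import urlsplit

# Constructed allow-list for the example; the client registration is assumed.
REGISTERED_REDIRECT_URIS = frozenset({
    "https://app.example.com/oauth/callback",
})
ALLOWED_ORIGIN_PREFIX = "https://app.example.com"


def effective_host(redirect_uri: str) -> Optional[str]:
    """Where a browser would actually deliver the authorization code."""
    return urlsplit(redirect_uri).hostname


def naive_is_allowed(redirect_uri: str) -> bool:
    """Prefix match on the registered origin: the shape of check that the
    authority's userinfo syntax ('user@host') slips past."""
    return redirect_uri.startswith(ALLOWED_ORIGIN_PREFIX)


def strict_is_allowed(redirect_uri: str) -> bool:
    """Exact match against the full pre-registered URI (the countermeasure the
    advisory cites from RFC 6819), plus explicit rejection of userinfo and
    fragments so a malformed registration can never be matched loosely."""
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False                      # userinfo in the authority: reject
    if parts.fragment or not parts.hostname:
        return False
    return redirect_uri in REGISTERED_REDIRECT_URIS


if __name__ == "__main__":
    evil = "https://app.example.com@attacker.example/oauth/callback"
    print(effective_host(evil), naive_is_allowed(evil), strict_is_allowed(evil))
```

The look-alike subdomain case (`https://app.example.com.attacker.example/`) fails the same prefix check for the same reason, and the exact-match validator rejects it without any extra rule.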
4chan Breached? Hacker from Rival Soyjak Forum Claims Source Code Leak
UPDATE: Hackread.com has reviewed internal Discord chat logs from 4chan's Discord server, which confirm the breach...
CVE-2025-32054
CVE-2025-32054 affects JetBrains IntelliJ IDEA before 2024.3 (2024.2.4 included). The issue is a logging vulnerability: source code could be written to the idea.log file, potentially exposing sensitive information. The root cause is that certain source code content is logged during normal ...
SysPass security vulnerability
SysPass is a system password manager developed by RubénD. A security vulnerability exists in SysPass 3.2.x: the file upload feature does not handle special characters correctly, resulting in a source code leak...
CVE-2024-35144
CVE-2024-35144 affects the IBM Maximo Application Suite Monitor Component (versions 8.10, 8.11 and 9.0). The Monitor Component stores source code on the web server, creating potential disclosure of sensitive information (CWE-540). The impact is information disclosure that could aid fur...
CVE-2024-35144 IBM Maximo Application Suite information disclosure
IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system...
CVE-2025-24360
CVE-2025-24360 affects the Nuxt framework (Vue.js) from v3.8.1 up to, but not including, v3.15.3: the development server's default CORS settings allow any origin to send requests to it and read the responses. Several sources corroborate that, when using the Vite builder with the default serv...
PYSEC-2024-197
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...
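A "one-level" traversal means a single `../` in the requested file name is enough to read a sibling directory, because the path is joined under the component directory and never checked against it. The block below is an added example, not Gradio's code: the root directory, component names and file names are constructed, and the endpoint logic is reduced to the path computation.

```python
"""Added example (not Gradio code): a component-file lookup that lets one '../'
escape the component directory, next to a lookup that rejects it. Root path,
component names and file names are constructed for the example."""
import posixpath
from typing import Optional
from urllib.parse import unquote

COMPONENT_ROOT = "/srv/app/custom_components"   # assumed install location


def naive_component_path(component: str, filename: str) -> str:
    """Joins user input under the component directory; '..' is not checked,
    so the normalised path can land in a sibling component (or higher)."""
    return posixpath.normpath(posixpath.join(COMPONENT_ROOT, component, filename))


def safe_component_path(component: str, filename: str) -> Optional[str]:
    """Returns the resolved path only if it stays inside the component's own
    directory; returns None for absolute names, NUL bytes, or any traversal."""
    base = posixpath.normpath(posixpath.join(COMPONENT_ROOT, component))
    if not base.startswith(COMPONENT_ROOT + "/"):        # component name itself traversed out
        return None
    rel = unquote(filename)                               # decode once, so %2e%2e is caught too
    if rel.startswith("/") or "\x00" in rel:
        return None
    candidate = posixpath.normpath(posixpath.join(base, rel))
    if posixpath.commonpath([base, candidate]) != base:   # must remain under base
        return None
    return candidate


if __name__ == "__main__":
    print(naive_component_path("mywidget", "../other_widget/backend.py"))
    print(safe_component_path("mywidget", "../other_widget/backend.py"))
    print(safe_component_path("mywidget", "frontend/index.js"))
```

Decode percent-encoding exactly once: if the web framework has already decoded the path, drop the `unquote` call rather than decoding twice, since double decoding creates its own bypasses. The lexical check here is deliberately filesystem-free; a deployment that permits symlinks inside the component tree also needs a `realpath`-based check on the opened file.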
MTN Group: Yet Another OTP code Leaked in the API Response
The OTP code was leaked in the API response, which defeated the purpose of the OTP step. The application requested a phone number for authentication and sent an OTP code to the user, but the OTP was also returned in the API response, exposing it to potential misuse...
MTN Group: OTP code Leaked in API Response
The application allowed users to sign up for device insurance. When getting a quote, an OTP code was sent to the user's phone number for authentication, but the same OTP code was also returned in the API response...
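Both MTN reports describe the same defect: the server that generates the one-time code returns it in the JSON it sends to the caller, so the second factor never leaves the attacker's hands. The block below is an added example, not MTN's code, and serves both reports: the leaky handler beside one that returns only an opaque challenge id, stores a hash of the code with expiry and an attempt limit, and compares in constant time. The SMS gateway is replaced by an in-memory outbox, and phone numbers are constructed.

```python
"""Added example (not MTN code): an OTP request handler that echoes the code back,
next to one that returns only an opaque challenge id. Storage and the SMS
gateway are in-memory stand-ins."""
import hashlib
import hmac
import secrets
import time
from typing import Optional

SMS_OUTBOX: list = []            # stands in for the SMS gateway (constructed)
OTP_TTL_SECONDS = 300
MAX_ATTEMPTS = 5
_challenges: dict = {}           # challenge_id -> state; a real service uses a store with TTL


def _send_sms(phone: str, code: str) -> None:
    SMS_OUTBOX.append((phone, code))


def _new_code() -> str:
    return f"{secrets.randbelow(10**6):06d}"


def request_otp_leaky(phone: str) -> dict:
    """The reported bug: the code that was just sent by SMS is also in the response."""
    code = _new_code()
    _send_sms(phone, code)
    return {"status": "sent", "otp": code}       # anyone reading the response has the code


def request_otp(phone: str, now: Optional[float] = None) -> dict:
    """Fixed shape: the response carries only an identifier for the challenge."""
    code = _new_code()
    challenge_id = secrets.token_urlsafe(16)
    _challenges[challenge_id] = {
        "phone": phone,
        "digest": hashlib.sha256(code.encode()).digest(),   # never store the code itself
        "expires": (time.time() if now is None else now) + OTP_TTL_SECONDS,
        "attempts": 0,
    }
    _send_sms(phone, code)
    return {"status": "sent", "challenge_id": challenge_id}


def verify_otp(challenge_id: str, code: str, now: Optional[float] = None) -> bool:
    """Single-use, time-limited, attempt-limited, constant-time comparison."""
    ch = _challenges.get(challenge_id)
    if ch is None:
        return False
    now = time.time() if now is None else now
    if now > ch["expires"] or ch["attempts"] >= MAX_ATTEMPTS:
        _challenges.pop(challenge_id, None)
        return False
    ch["attempts"] += 1
    ok = hmac.compare_digest(hashlib.sha256(code.encode()).digest(), ch["digest"])
    if ok:
        _challenges.pop(challenge_id, None)     # a code verifies at most once
    return ok


if __name__ == "__main__":
    print(request_otp_leaky("+27000000000"))    # shows the code in the response
    resp = request_otp("+27000000000")
    print(resp, verify_otp(resp["challenge_id"], SMS_OUTBOX[-1][1]))
```

The attempt limit matters as much as the missing field: a six-digit code with no limit is brute-forceable through the verify endpoint even when the request endpoint is fixed.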
CVE-2024-41829
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection...
CVE-2023-4421
The NSS code used for checking PKCS#1 v1.5 padding was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding and the length of the encrypted message leaked through a timing side channel. By sending a large number of attacker-selected...
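The two leaks the advisory names come from the natural way to write the check: return as soon as a padding byte is wrong, and return a slice whose length depends on where the separator was found. The block below is an added example, not NSS code: the leaky shape next to a version with no data-dependent early exit that always touches every byte and always returns a caller-chosen fixed length, selecting a fallback value when the padding is bad. Python integers are not constant-time primitives, so this shows the structure of the fix; a production implementation needs a language and compiler that preserve it.

```python
"""Added example (not NSS code): PKCS#1 v1.5 decryption-padding check without
data-dependent exits, next to the leaky shape the advisory describes.
All values are small non-negative ints, so a 64-bit arithmetic shift sign test works."""
from typing import Optional, Tuple

SHIFT = 64   # every value here is far below 2**63


def ct_eq(a: int, b: int) -> int:
    """1 if a == b else 0, with no branch."""
    return (((a ^ b) - 1) >> SHIFT) & 1


def ct_ge(a: int, b: int) -> int:
    """1 if a >= b else 0, with no branch."""
    return 1 - (((a - b) >> SHIFT) & 1)


def ct_select(cond: int, x: int, y: int) -> int:
    """x if cond == 1 else y, with no branch."""
    return y ^ ((x ^ y) & -cond)


def unpad_leaky(em: bytes, k: int) -> Optional[bytes]:
    """Early exits tell the attacker which check failed; the returned slice's
    length tells them where the separator was."""
    if len(em) != k or em[0] != 0x00 or em[1] != 0x02:
        return None
    sep = em.find(b"\x00", 2)
    if sep == -1 or sep < 10:             # at least 8 non-zero padding bytes
        return None
    return em[sep + 1:]


def unpad_ct(em: bytes, k: int, expected_len: int, fallback: bytes) -> Tuple[bytes, bool]:
    """Fixed-shape check: scans all k bytes, extracts exactly expected_len bytes,
    and substitutes fallback (e.g. random bytes) when anything was wrong.
    len(em) == k and len(fallback) == expected_len are caller invariants,
    not secret-dependent conditions."""
    assert len(em) == k and len(fallback) == expected_len
    good = ct_eq(em[0], 0x00) & ct_eq(em[1], 0x02)
    sep, found = 0, 0
    for i in range(2, k):                                   # no break: every byte is visited
        is_zero = ct_eq(em[i], 0)
        take = is_zero & (1 - found)                        # only the first zero counts
        sep = ct_select(take, i, sep)
        found |= is_zero
    good &= found
    good &= ct_ge(sep, 10)                                  # sep >= 10 <=> 8+ padding bytes
    good &= ct_eq(k - sep - 1, expected_len)                # length must match expectation
    out = bytearray(expected_len)
    for j in range(expected_len):                           # gather from a secret offset
        acc = 0
        for i in range(2, k):                               # same work whatever sep is
            acc |= em[i] & -ct_eq(i, sep + 1 + j)
        out[j] = acc
    result = bytes(ct_select(good, o, f) for o, f in zip(out, fallback))
    return result, bool(good)


if __name__ == "__main__":
    K = 64
    em = b"\x00\x02" + b"\xff" * (K - 3 - 5) + b"\x00" + b"hello"
    print(unpad_leaky(em, K), unpad_ct(em, K, 5, b"\x00" * 5))
    print(unpad_ct(b"\x00\x01" + em[2:], K, 5, b"\x00" * 5))
```

The `bool(good)` result must not drive a different code path or error message on the way back to the peer; the standard use is to continue the protocol with `result`, which is the real message or the fallback, so a wrong guess and a right guess look the same from outside.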
Leaked Yandex Code Breaks Open the Creepy Black Box of Online Advertising
As the international tech giant moves toward Russian ownership, the leak raises concerns about the volume of data it has on its users...
CVE-2023-33468
KramerAV VIA Connect 2 and VIA Go 2 devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical scree...
ESXiArgs Ransomware Hits Over 500 New Targets in European Countries
More than 500 hosts have been newly compromised en masse by the ESXiArgs ransomware strain, most of which are located in France, Germany, the Netherlands, the U.K., and Ukraine. The findings come from attack surface management firm Censys, which discovered "two hosts with strikingly similar ranso...
Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak
Just days after leaking data it claims to have exfiltrated from chipmaker NVIDIA, ransomware group Lapsus$ is claiming another international company among its victims — this time releasing data purportedly stolen from Samsung Electronics. The consumer electronics giant confirmed in a media...
CVE-2021-28805
Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versio...
glimmer_pocs
This is a proof-of-concept (PoC) repository for the tool "glimmer". The repository contains various PoCs for different types of vulnerabilities and information disclosure. The PoCs are implemented as Python scripts, each targeting a specific vulnerability or information disclosure. The PoCs are...