23 matches found
CVE-2026-3506
WP-Chatbot for Messenger plugin for WordPress (up to version 4.9) suffers an authorization bypass due to improper verification of user permissions, enabling unauthenticated attackers to overwrite the site’s MobileMonkey API token and company ID options. This can hijack chatbot configuration and ...
EUVD-2026-10461
Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability...
CVE-2026-27687
Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability...
CVE-2026-27687 Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal
Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability...
PT-2026-24163
Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability...
PT-2026-2307
Name of the Vulnerable Software and Affected Versions: WebErpMesv2 versions prior to 1.19. Description: The WebErpMesv2 application lacks authentication middleware for multiple sensitive API endpoints. This allows an unauthenticated remote attacker to read business-critical data, including companies...
CVE-2021-31678
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company...
EUVD-2022-27687
Malicious code in bioql PyPI...
Why Secure Document Management Matters Against Cybersecurity Threats
Cybersecurity threats aren’t just aimed at servers or customer databases. They also target a company’s most vital but…...
CVE-2023-33568
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists...
".Zip" top-level domains draw potential for information leaks
Google's recent offering of the ".zip" top-level domain (TLD) has led security researchers and likely threat actors to register numerous domains for red teaming and phishing attacks, respectively, causing new challenges for organizations and cybersecurity professionals. As a result of user...
Study: 84% of Companies Use Breached SaaS Applications - Here's How to Fix it for Free!
A recent review by Wing Security, a SaaS security company that analyzed the data of over 500 companies, revealed some worrisome information. According to this review, 84% of the companies had employees using an average of 3.5 SaaS applications that were breached in the previous 3 months. While th...
CVE-2022-22541
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn't or don't need to have access...
Information disclosure
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn't or don't need to have access...
8 tips to protect company data sent via home internet connections
By Owais Sultan. The U.S. is on track to break the single-year data breach record in 2021, according to the Identity Theft Resource Center (ITRC). That’s not even the whole story. For every high-profile data breach you hear about in the news, dozens of lower-profile attacks occur. These smaller...
Cyberpunk 2077 Publisher Hit with Hack, Ransomware
UPDATE CD Projekt Red, the videogame-development company behind Cyberpunk 2077 and the wildly popular Witcher series, has suffered a ransomware attack that could soon result in troves of company data being dumped online – including game source code. The Warsaw-based company tweeted out a notice o...
Data Breach Lessons from the Trenches
In this webcast Threatpost editor Tom Spring examines the data breach epidemic with the help of noted breach hunter and cybersecurity expert Chris Vickery. He shares how companies can identify their own insecure data, remediate against a data breach and offers tips on protecting data against futu...
Gen Z Interns and Social Media: A Perfect Security Storm
Researchers are warning of a new security Achilles’ heel for enterprises, and it may not be what they expect. That threat is interns. According to researchers, interns are unwittingly posting confidential and valuable company insights via social media that pose a security risk to the companies th...
Operative Framework HD - The Digital Investigation Framework, You Can Interact With Websites, Email Address, Company, People, Ip Address, And More
Operative Framework HD is the digital investigation framework; you can interact with websites, email address, company, people, IP address ... with basic/graphical view and export with XML, JSON. How to Install: You need these packages: mongoDB, NPM, Python 2. Create mongoDB database: $ mongo $ use...