EUVD-2025-199903
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...
CVE-2025-66291 OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...
OrangeHRM Authorization Issue Vulnerability
OrangeHRM is a human resource management (HRM) system from OrangeHRM, Inc. in the United States. The system supports personnel information management, leave management, attendance management and recruitment management. An authorization issue vulnerability exists in OrangeHRM versions 5.0 through 5....
EUVD-2025-23639
Malicious code in bioql PyPI...
CVE-2025-51628
Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
CVE-2025-51628
The CVE-2025-51628 vulnerability affects the PdfHandler component in Agenzia Impresa Eccobook versions up to 2.81.1 (and prior to 2.81.2). It is an insecure direct object reference (IDOR) that allows unauthenticated attackers to read confidential documents by supplying a DocumentoId parameter. Th...
Agenzia Impresa EccoBook Security Vulnerability
Agenzia Impresa EccoBook is a ledger software from Agenzia Impresa, Italy. A security vulnerability exists in Agenzia Impresa Eccobook v2.81.1 and earlier versions, which stems from an insecure direct object reference in the PdfHandler component that could lead to the reading of confidential...
SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge
This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack. It was around 9 p.m. on Sunday, July 19, when I received a message through the contact form on KrebsOnSecurity.com that the marital infidelity website...
UCMS arbitrary file reading vulnerability
UCMS is a simple and efficient PHP open source CMS builder system. UCMS v1.6 contains an arbitrary file reading vulnerability, which can be exploited by attackers to directly obtain the contents of website files, and can therefore obtain many confidential documents...
UCMS Path Traversal Vulnerability
UCMS is a simple and efficient PHP open source CMS builder system. UCMS v1.6 contains an arbitrary file reading vulnerability, which can be exploited by attackers to directly obtain the contents of website files, and can therefore obtain many confidential documents...
Sealed U.S. Court Records Exposed in SolarWinds Breach
The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the...
Uber: Open AWS S3 bucket at ubergreece.s3.amazonaws.com exposes confidential internal documents and files
The Uber Greece AWS S3 bucket was open, allowing any remote user to view and download the files. Some of these files included confidential internal documents which could negatively impact Uber's brand. I found an Uber microsite that had a link to this AWS bucket being used by Uber Greece. Had some...
Threat Outbreak Alert RuleID32539: Email Messages Distributing Malicious Software on April 23, 2018
Medium Alert ID: 57558 First Published: 2018 April 23 19:25 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID32539 may contain the following files: Name | Si...
Threat Outbreak Alert RuleID31571: Email Messages Distributing Malicious Software on December 8, 2017
Medium Alert ID: 56201 First Published: 2017 December 8 15:39 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID31571 may contain the following files: Name |...
Another wave of massive Equation 0day attack leaks, Microsoft takes a heavy hit this time - exploit warning - the black bar safety net
Got up this morning thinking it was still a fine sunny day? Cyberspace has just been hit by another bombshell! Shadow Brokers has again leaked confidential documents that shocked the world, which contain multiple polished Windows remote exploit tools, and can cover over 70% ...
Malware Scanning Services Containers for Sensitive Business Information
SINT MAARTEN—Malware scanning services could be the next listening outpost for criminals and nation-state attackers as more of these services such as VirusTotal are becoming containers for personal, business and even classified information because of some organizations’ policy decision to upload...
Box.com Plugs Account Data Leakage Flaw
Box.com has changed the way it handles publicly shared accounts and folders after a researcher found confidential documents and data belonging to Box.com users via Google, Bing and other search engines. While Box.com maintains this is a case of its customers unintentionally over-sharing, it says ...
Insecure NAS Device Exposes 350 Ameriprise Investment Accounts
A trove of data belonging to Ameriprise Financial was found earlier this month that included Social Security numbers, decryption keys and confidential internal company documents. The breach is related to the use of a network attached storage device that insecurely backed up data from an internal...