CVE-2026-41659

Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...

CVE-2026-41659

Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...

CVE-2026-41659

Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...

EUVD-2026-28270

Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...

CVE-2026-41659

CVE-2026-41659 (Admidio) : The Admidio member assignment data endpoint before 5.0.9 includes hidden profile fields (BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY) in the SQL search condition, regardless of visibility settings. While JSON output hides these fields, the server-side search runs on the h...

CVE-2026-41659 Admidio: Hidden Profile Field Values Leaked via Blind Search Oracle in Member Assignment

Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...

Admidio 信息泄露漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a vulnerability involving information leakage. This...

GHSA-68PR-7PRH-MPV4 Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment

Summary The member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the JSON output correctly suppresses hidden columns via isVisible checks,...

Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment

Summary The member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the JSON output correctly suppresses hidden columns via isVisible checks,...

CVE-2026-32099

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...

CVE-2026-32099

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...

CVE-2026-32099 Discourse prevents hidden profile data leak via user onebox

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...

CVE-2026-32099

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...

PT-2026-26423

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. When a user has hide profile enabled, their bio, location, and...

Discourse 信息泄露漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that originates from the disclosure of a user's hidden profile information...

Moodle 安全漏洞

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from some hidden user profile fields being visible in...