
16 matches found

NVD
added 2026/06/01 10:16 p.m. · 7 views

CVE-2025-22426

In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS · 0.00048 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2026/02/06 10:37 p.m. · 4 views

CVE-2026-25757

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2, unauthenticated users can view completed guest orders by Order ID. This issue may lead to disclosure of PII of guest users including names, addresses and phone numbers. This...

8.7 CVSS · 5.3 AI score · 0.00035 EPSS
Exploits 1 · References 9 · Affected Software 1
OSV
added 2026/02/05 9:13 p.m. · 3 views

GHSA-P6PV-Q7RC-G4H9 Unauthenticated Spree Commerce users can view completed guest orders by Order ID

Unauthenticated users can view completed guest orders by Order ID (GHSL-2026-029). The OrdersController#show action permits viewing completed guest orders by order number alone, without requiring the associated order token. Order lookup without enforcing token requirement in OrdersController#show: rub...

8.7 CVSS · 5.5 AI score · 0.00035 EPSS
Exploits 1 · References 11
EUVD
added 2026/01/29 5:39 p.m. · 4 views

EUVD-2026-4964

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints (both main web API and external API) allow executing blocks by UUID...

9.4 CVSS · 6.2 AI score · 0.00139 EPSS
Exploits 1 · References 6
CVE
added 2025/12/03 7:39 p.m. · 6 views

CVE-2025-65096

RomM (ROM Manager) prior to versions 4.4.1 and 4.4.1-beta.2 is vulnerable to Insecure Direct Object Reference (IDOR): an API access flaw that allows reading private or smart collections belonging to other users by directly supplying collection IDs, due to missing ownership verification/public/pri...

5.3 CVSS · 6.2 AI score · 0.00036 EPSS
Exploits 0 · References 1 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-18210

Malicious code in bioql PyPI...

8.3 CVSS · 6.7 AI score · 0.00229 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/05/22 8:44 a.m. · 3 views

CVE-2019-8809

A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier...

3.3 CVSS · 5.2 AI score · 0.00071 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/14 10:28 p.m. · 8 views

CVE-2025-24220

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.9. An app may be able to read a persistent device identifier...

5.5 CVSS · 5.8 AI score · 0.00137 EPSS
Exploits 0 · References 1
NVD
added 2025/05/12 10:15 p.m. · 6 views

CVE-2025-24220

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.9. An app may be able to read a persistent device identifier...

5.5 CVSS · 0.00137 EPSS
Exploits 0 · References 4
Cvelist
added 2025/05/12 9:42 p.m. · 10 views

CVE-2025-24220

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.9. An app may be able to read a persistent device identifier...

0.00137 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/05/05 12:0 a.m. · 3 views

PT-2025-19329 · Mediatek +1 · Mt6580 +1

Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution...

5.5 CVSS · 5.9 AI score · 0.00018 EPSS
Exploits 0 · References 9
RedhatCVE
added 2025/02/05 1:48 p.m. · 8 views

CVE-2020-13290

In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page...

7.5 CVSS · 6.6 AI score · 0.00181 EPSS
Exploits 0
Vulnrichment
added 2022/11/09 12:0 a.m. · 3 views

CVE-2022-39893

Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log...

3.3 CVSS · 6.4 AI score · 0.00061 EPSS
Exploits 0 · References 1
OSV
added 2022/02/17 7:15 p.m. · 3 views

CVE-2022-0633

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database...

6.5 CVSS · 5.6 AI score · 0.01358 EPSS
Exploits 3 · References 4
OSV
added 2020/11/01 12:0 a.m. · 18 views

ASB-A-153995334

In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. This could lead to local information disclosure of the identifier, which could be used to track an account across devices, with no additional...

5.5 CVSS · 5.2 AI score · 0.00015 EPSS
Exploits 0 · References 2
OSV
added 2017/12/20 10:29 p.m. · 2 views

CVE-2017-5262

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference...

8 CVSS · 5.8 AI score · 0.07842 EPSS
Exploits 2 · References 1