Identity Exposure Management: Why It Matters

Millions of corporate credentials leak onto the public internet every single week. These exposed credentials act as open doors for threat actors looking to breach hybrid networks. When security teams rely only on legacy tools, they remain blind to these silent entry points. Book a HivePro demo to...

Identity Exposure Management: Risks and Response

Start with the path that carries risk. Security teams need a clear view of access risk. Stolen tokens and excessive privileges turn legitimate access into an attack route. Identity risk becomes urgent when one exposed account opens a path across critical systems. Identity exposure management is t...

CVE-2026-39966

TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block, regardless of workspace ownership, leading to IDOR. The authorization check uses Array.filter wi...

CVE-2026-8237 Concrete CMS 9.5.0 and below is vulnerable to IDOR in the`/ccm/frontend/conversations/message_detail` endpoint

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

How to Reduce Phishing Exposure Before It Turns into Business Disruption

What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread...

Tenable Identity Exposure < 3.77.17 Multiple Vulnerabilities (TNS-2026-11)

The version of the Tenable Identity Exposure running on the remote host is prior to 3.77.17. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2026-11: - A flaw in Node.js's Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictio...

Tenable Identity Exposure < 3.77.17 Multiple Vulnerabilities (TNS-2026-11)

The version of the Tenable Identity Exposure running on the remote host is prior to 3.77.17. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2026-11: - A flaw in Node.js's Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictio...

SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft

Austin, TX, USA, 19th March 2026, CyberNewswire...

CVE-2026-31820

Sylius is an Open Source eCommerce Framework on Symfony. An authenticated Insecure Direct Object Reference IDOR vulnerability exists in multiple shop LiveComponents due to unvalidated resource IDs accepted via LiveArg parameters. Unlike props, which are protected by LiveComponent's @checksum, arg...

CVE-2026-28216 hoppscotch has IDOR in updateUserEnvironment / deleteUserEnvironment

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's personal environment by ID. user-environments.resolver.ts:82-109, updateUserEnvironment mutation uses @UseGuardsGqlAuthGuard but is missing the @GqlUser...

EUVD-2026-8898

wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data...

CVE-2026-21352

creationtimestamp| type| source ---|---|--- 2026-02-11 07:27:29+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mekxayxdkq2g 2026-06-01 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities20260602 2026-06-02 20:00:00+00:00| seen|...

Tenable Identity Exposure < 3.77.16 Multiple Vulnerabilities (TNS-2026-03)

The version of the Tenable Identity Exposure running on the remote host is prior to 3.77.16. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2026-03: - Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function...

[R1] Tenable Identity Exposure Version 3.77.16 Fixes Multiple Vulnerabilities

R1 Tenable Identity Exposure Version 3.77.16 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 02/03/2026 - 09:56 Tenable Identity Exposure leverages third-party software to help provide underlying functionality. One of the third-party components OpenSSL was found to contain vulnerabilities, and...

[R1] Tenable Identity Exposure Version 3.77.16 Fixes Multiple Vulnerabilities

R1 Tenable Identity Exposure Version 3.77.16 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 02/03/2026 - 09:56 Tenable Identity Exposure leverages third-party software to help provide underlying functionality. One of the third-party components OpenSSL was found to contain vulnerabilities, and...

CVE-2025-63292

Freebox v5 HD firmware = 1.7.20, Freebox v5 Crystal firmware = 1.7.20, Freebox v6 Révolution r1–r3 firmware = 4.7.x, Freebox Mini 4K firmware = 4.7.x, and Freebox One firmware = 4.7.x were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM...

Tenable Identity Exposure < 3.77.14 Multiple Vulnerabilities (TNS-2025-23)

The version of Tenable Identity Exposure formerly Tenable.ad installed on the remote host is prior to 3.77.14. It therefore contains vulnerable versions of third-party components .NET, SQL Server, and curl. Tenable has upgraded these components to address the potential impact of the issues,...

[R1] Tenable Identity Exposure Version 3.77.14 Fixes Multiple Vulnerabilities

R1 Tenable Identity Exposure Version 3.77.14 Fixes Multiple Vulnerabilities Arnie Cabral Mon, 11/03/2025 - 09:50 Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components .NET, SQL and curl were found to contain...

[R1] Tenable Identity Exposure Version 3.77.14 Fixes Multiple Vulnerabilities

R1 Tenable Identity Exposure Version 3.77.14 Fixes Multiple Vulnerabilities Arnie Cabral Mon, 11/03/2025 - 09:50 Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components .NET, SQL and curl were found to contain...

Tenable Identity Exposure < 3.93.4 Multiple Vulnerabilities (TNS-2025-22)

The version of the Tenable Identity Exposure running on the remote host is prior to 3.93.4. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2025-07, including the following: - Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NE...