32 matches found
CVE-2026-4020
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any...
CVE-2025-34156 Tibbo AggreGate Network Manager < 6.40.05 System Information Exposure
Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...
EUVD-2014-5652
Malware in sbrugna...
EUVD-2014-5434
Malware in sbrugna...
EUVD-2018-2360
Malware in sbrugna...
EUVD-2013-3580
Malware in sbrugna...
RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs
Summary: Log output includes authentication token that provides full account access. Details: The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...
Adoption agency leaks over a million records
Security researcher Jeremiah Fowler found a publicly accessible database online that contained highly personal information from an adoption agency. Jeremiah, who specializes in locating exposed cloud storage, is used to finding sensitive information exposed. However, because of the nature of the...
Zoomcar Data Breach Exposes Personal Info of 8.4 Million Users
Zoomcar confirms 2025 breach affecting 8.4M users, echoing its 2018 data leak. Personal info exposed, financial data safe, investigation ongoing...
Hacker Leaks 144GB of Royal Mail Group Data, Blames Supplier Spectos
Hacker leaks 144GB of sensitive Royal Mail Group data, including customer info and internal files, claiming access came via supplier Spectos. Investigation underway!...
CVE-2024-10321
CVE-2024-10321 affects the WordPress plugin All-in-One Addons for Elementor – WidgetKit (WidgetKit for Elementor) version
12 Million Zacks accounts leaked by cybercriminal
A cybercriminal claimed to have stolen 15 million data records from the customers and clients of the company Zacks—a number that a separate investigation, after analysis, shaved down to just 12 million. Zacks is an investment research company best known for its "Zacks Ranks," which are daily list...
Valley News Live exposed more than a million job seeker’s resumes
Making your own bad news is not what Valley News Live had in mind, but negligence comes at a price. Cybernews researchers found an unprotected AWS S3 bucket that belongs to Take Valley News Live, a North Dakota-based television station. Gray Television, the owner of Valley News Live, makes for th...
CVE-2024-40582
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information...
CVE-2024-53814 WordPress Analytify plugin <= 5.4.3 - Broken Access Control vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Analytify. This issue affects Analytify: from n/a through 5.4.3...
PT-2024-32073 · Icecms · Icecms
Name of the Vulnerable Software and Affected Versions: IceCMS versions 3.4.7 and earlier Description: An access control issue in the CheckVip function in UserController.java of IceCMS allows unauthenticated attackers to access and return all user information, including passwords. Recommendations:...
CVE-2023-37232
Loftware Spectrum through 4.6 exposes Sensitive Information Logs to an Unauthorized Actor...
PT-2024-27836 · Themesphere · Themesphere Smartmag
Name of the Vulnerable Software and Affected Versions: ThemeSphere SmartMag versions prior to 9.3.0 Description: The issue is related to Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization vulnerability. It allows excavation and accessing functionality not properl...
PT-2024-37799 · WordPress · Ctt Expresso Para Woocommerce
Name of the Vulnerable Software and Affected Versions: CTT Expresso para WooCommerce plugin for WordPress versions up to and including 3.2.12 Description: The issue concerns the exposure of sensitive information in the CTT Expresso para WooCommerce plugin for WordPress. This exposure occurs via t...
CVE-2024-29175
Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain a weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a man-in-the-middle attack that exposes sensitive session...