CVE-2026-30244 Plane: Unauthenticated Workspace Member Information Disclosure
Plane is an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django REST Framework permission...
EUVD-2008-1900
Malware in sbrugna...
EUVD-2025-16489
Malicious code in bioql PyPI...
GHSA-HC6V-386M-93PQ Mattermost fails to properly enforce access controls for guest users
Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members API endpoint...
CVE-2024-43409
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this iss...
CVE-2025-2564 Unauthorized View Access to Archived Channel Member Info
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled...
BIT-GHOST-2024-43409 Ghost's improper authentication allows access to member information and actions
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost 4.46.0 through 5.89.4. v5.89.5 contains a fix for th...
GHSA-78X2-CWP9-5J42 Ghost's improper authentication allows access to member information and actions
Impact Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. Vulnerable versions This security vulnerability is present in Ghost v4.46.0-v5.89.5. GhostPro customers are automatically updated to fixed...
CVE-2024-43409 Ghost's improper authentication allows access to member information and actions
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this iss...
Mattermost Server Security Bypass Vulnerability
Mattermost Server is an open source messaging platform from the US company Mattermost. A security bypass vulnerability exists in Mattermost Server, which can be exploited by an attacker to bypass access restrictions and learn about the members of an AD/LDAP group linked to a team by...
CVE-2024-32467
MeterSphere (open source continuous testing platform) is affected in versions prior to 2.10.14-lts. The issue allows members without space permissions to view member information from other workspaces beyond their authority. The root cause is insufficient access control that permits cross-workspac...
MeterSphere Security Vulnerability
MeterSphere is an open source one-stop continuous testing platform from the MeterSphere project. A security vulnerability exists in versions prior to MeterSphere 2.10.14-lts, which stems from an unauthorized member being able to overstep their rights to view member information in other workspaces...
InfraGard infiltrated by cybercriminal
InfraGard, a partnership between the FBI and members of the private sector that was established to protect critical infrastructure in the US, has been infiltrated by a cybercriminal. As a result, its database of contact information is now for sale on an English-language cybercrime forum. InfraGar...
GHSA-3QG4-2FCM-C8F9 Moodle does not recognize configuration setting that makes e-mail addresses visible only to course members
Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page...
Design/Logic Flaw
The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members' information, and modify and delete the courses in the system, thus causing users to fail to access the...
SQL Injection Vulnerability in Tpshop Us***.php Page at Member Information
Tpshop is a multi-merchant mall system developed by Shenzhen Soleil Networks Limited. A SQL injection vulnerability exists in the member information of the Tpshop Us.php page. Attackers can use the vulnerability to obtain sensitive information in the database...
Kingdee shop mall backend weak password leaks large amounts of merchant/member information/orders/site information
Brief description: The hole I reported before went to a big vendor and they only gave it 1 rank, heartbreaking; digging for holes late at night isn't easy, please give a fair rank... Detailed description: Let me just prove it with screenshots, the affected domain: http://k3shop.k3cloud.kingdee.com/ I roughly scanned the site directory and found the backend, which could be logged into directly as the admin user! Leaked site information: http://k3shop.k3cloud.kingdee.com/sitemap.xml Proof of vulnerability: order information, merchant information, member information...
NAFCU Dismisses Data Encryption Rule Idea
Even after suffering a data breach, the organization in charge of overseeing the needs of credit unions has cast off the idea of implementing a rule mandating the use of encryption for data transfers. Despite the breach, the National Association of Federal Credit Unions, or NAFCU, is insisting th...
SPGPartenaires 3.0.1 ident.php SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/6455/info Several vulnerabilities have been discovered in SPGPartenaires. The vulnerabilities are due to insufficient sanitization of the 'pass' and 'SPGP' variables used to construct SQL queries in various PHP scripts. B...