Misconfigured Server Run by Hackers Leaks 345,000 Stolen Credit Cards
A misconfigured server linked to the carding marketplace Jerry’s Store exposed 345,000 stolen credit cards after an AI coding error caused a major security flaw...
CVE-2026-30617
LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When...
Linux Distros Unpatched Vulnerability : CVE-2025-1385
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a...
Misconfigured Server Leaks 378GB of Navy Federal Credit Union Files
Cybersecurity researcher Jeremiah Fowler discovered an unsecured and misconfigured server exposing 378 GB of internal Navy Federal Credit…
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a bare line feed (LF) instead of the proper CRLF line ending. When used with another server that also misinterprets this, it can lead to request smuggling, where an attacker tricks the system to se...
CVE-2025-1385
When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...
Server-side Request Forgery (SSRF)
Overview fschat is an open platform for training, serving, and evaluating large language model based chatbots. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper web server configuration. An attacker can access internal server resources and dat...
CVE-2024-55888 Content Security Policy appears to be missing in software and production setup
Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the production server appeared to have been misconfigured and did not provide any content security policy or security headers. This could result in bypassing of cross-site scriptin...
M-Files Server Security Vulnerability
M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in M-Files Server versions prior to 24.11 that stems from an authentication bypass condition in LDAP authentication, which allows users to authenticate without a password if the LDAP server itself...
AI Firm’s Misconfigured Server Exposed 5.3 TB of Mental Health Records
A misconfigured server from the US-based AI healthcare firm Confidant Health exposed 5.3 TB of sensitive mental health…
North Koreans Secretly Animated Amazon and Max Shows, Researchers Say
Thousands of exposed files on a misconfigured North Korean server hint at one way the reclusive country may evade international sanctions...
Information Disclosure
microsoft/microsoft-graph-core is vulnerable to Information Disclosure. The vulnerability is due to the inclusion of test code that enables the use of the phpInfo function, specifically through the GetPhpInfo.php script, which can expose sensitive system information if the server is misconfigured...
CVE-2023-28630 Sensitive information disclosure possible on misconfigured failed backups of non-H2 databases in gocd
GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be unintentionally...
Payment Giant Exposed 9 Million Credit Card Transaction Records
By Habiba Rashid The trove of sensitive data belonging to California-based Cornerstone Payment Systems was left exposed on a misconfigured server without any security authentication.
CVE-2022-36115
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for unintended functionality. An...
Personal Data of Tens of Millions of Russians and Ukrainians Exposed Online
By Waqas The trove of data was leaked due to a misconfigured Elasticsearch server and in total it stored 870…
US Govt’s secret terrorist watchlist with 2M records exposed online
By Waqas The watchlist was exposed on a misconfigured server hosted on a Bahrain IP address instead of a US one.
Unnamed Vulnerability in October CMS
October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. October before version 1.1.2 suffers from a security vulnerability that stems from a host header attack that may succeed when running on a misconfigured server. No detailed vulnerabilit...
Fashion retailer BrandBQ exposes 1 TB of customers, contractors data
By Sudais Asif The database was hosted on a misconfigured Elasticsearch server.