
18 matches found

EUVD
added 2026/05/29 2:46 p.m. · 6 views

EUVD-2018-21920

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frmpasswd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...

CVSS 8.8 · AI score 6.1 · EPSS 0.0009
Exploits: 0 · References: 4

NVD
added 2026/04/01 4:23 p.m. · 1 views

CVE-2025-67805

A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...

CVSS 7.5 · EPSS 0.00017
Exploits: 0 · References: 2

Positive Technologies
added 2026/04/01 12:0 a.m. · 1 views

PT-2026-29528

A non-default configuration in Sage DPW 2025 06 004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW...

CVSS 5.9 · AI score 5.9 · EPSS 0.00017
Exploits: 0 · References: 3

EUVD
added 2026/03/06 3:31 p.m. · 4 views

EUVD-2018-21626

EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/editsource endpoint with crafted SQL UNION statements to extract database...

CVSS 8.8 · AI score 6.1 · EPSS 0.00088
Exploits: 0 · References: 3

HackRead
added 2026/02/23 3:21 p.m. · 2 views

PayPal Confirms Six-Month Data Exposure Linked to Loan System Error

PayPal has confirmed a data leak in its Working Capital loan system that exposed names, dates of birth, and Social Security numbers for six months...

AI score 5.4
Exploits: 0

OSV
added 2025/12/19 5:11 p.m. · 2 views

CVE-2025-68430 CVAT vulnerable to directory traversal via mounted share listing

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...

CVSS 5.3 · AI score 6.5 · EPSS 0.00062
Exploits: 0 · References: 4

HackRead
added 2025/12/01 6:29 p.m. · 3 views

Coupang Data Breach Affects All 33.7 Million South Korean Accounts

Coupang confirms a data breach affecting 33.7 million users in South Korea, exposing names, contacts and order details. Investigation is ongoing...

AI score 7
Exploits: 0

Tenable Nessus
added 2025/09/10 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-3300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users...

CVSS 5.3 · AI score 5.6 · EPSS 0.00806
Exploits: 0 · References: 2

SUSE CVE
added 2023/02/15 4:4 a.m. · 1 views

SUSE CVE-2020-1777

Names of agents that participate in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when the system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions...

CVSS 5.3 · AI score 5.6 · EPSS 0.00237
Exploits: 0 · References: 3

ATTACKERKB
added 2022/02/09 5:15 a.m. · 3 views

CVE-2022-24694

In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. Only folder names are affected. Neither file names nor file contents are affected...

CVSS 4.3 · AI score 5.8 · EPSS 0.00189
Exploits: 1 · References: 3

RedHat Linux
added 2022/01/17 9:33 p.m. · 2 views

resteasy: Error message exposes endpoint class information

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...

CVSS 5.3 · AI score 7 · EPSS 0.00084
Exploits: 0 · References: 4

RedHat Linux
added 2021/12/15 7:8 p.m. · 2 views

resteasy: Error message exposes endpoint class information

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...

CVSS 5.3 · AI score 7 · EPSS 0.00084
Exploits: 0 · References: 4

RedHat Linux
added 2021/11/15 5:14 p.m. · 3 views

resteasy: Error message exposes endpoint class information

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...

CVSS 5.3 · AI score 7 · EPSS 0.00084
Exploits: 0 · References: 4

RedHat Linux
added 2020/03/16 10:0 a.m. · 3 views

Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission

The Mozilla Foundation Security Advisory describes this flaw as: The first time AirPods are connected to an iPhone, they become named after the user's name by default e.g. Jane Doe's AirPods. Websites with camera or microphone permission are able to enumerate device names, disclosing the user's...

CVSS 5.3 · AI score 7.3 · EPSS 0.00578
Exploits: 0 · References: 5

RedHat Linux
added 2020/03/16 9:38 a.m. · 2 views

Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission

The Mozilla Foundation Security Advisory describes this flaw as: The first time AirPods are connected to an iPhone, they become named after the user's name by default e.g. Jane Doe's AirPods. Websites with camera or microphone permission are able to enumerate device names, disclosing the user's...

CVSS 5.3 · AI score 7.3 · EPSS 0.00578
Exploits: 0 · References: 5

CNVD
added 2019/07/29 12:0 a.m. · 1 views

Ziggy's Fortress has an information leakage vulnerability

Zhejiang Qiji Technology Co., Ltd. is a company mainly engaged in computer hardware and software, network products, technology development and other projects. An information leakage vulnerability exists in Qiji Fortress, which can be exploited by an attacker to obtain confidential information suc...

AI score 6.6
Exploits: 0

Opera Security Advisories
added 2016/08/26 12:0 a.m. · 5 views

Opera server breach incident

August 26th, 2016. Earlier this week, we detected signs of an attack where access was gained to the Opera sync system. This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users’ passwords and...

CVSS 8.8 · AI score 7 · EPSS 0.03241
Exploits: 0 · References: 1

Positive Technologies
added 2012/07/11 12:0 a.m. · 3 views

PT-2012-1852 · Moodle · Moodle

Name of the Vulnerable Software and Affected Versions: Moodle versions 2.0.x through 2.0.4; Moodle versions 2.1.x through 2.1.1.
Description: The issue affects the chat functionality, allowing remote authenticated users to discover the name of any user via a beep operation.
Recommendations: For...

CVSS 4 · AI score 6.2 · EPSS 0.00199
Exploits: 0 · References: 5