1173 matches found
GHSA-RWCR-RPCC-3G9M elixir-nodejs has Cross-User Data Leakage or Information Disclosure due to Worker Protocol Race Condition
Impact This vulnerability results in Cross-User Data Leakage or Information Disclosure due to a race condition in the worker protocol. The lack of request-response correlation creates a "stale response" vulnerability. Because the worker does not verify which request a response belongs to, it may...
CVE-2026-2343
The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII...
CVE-2026-28430
Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the customdates parameter. By chaining this with a predictable legacy password reset mechanism, an...
Hackers claim to have accessed data tied to millions of crime tipsters
Millions of crime tips may have been exposed after a hacker group claims to have compromised systems used by Crime Stoppers programs and other organizations worldwide. The incident centers on P3 Global Intel, a Texas-based provider of cloud-based tip and intelligence management software owned by...
EUVD-2026-15188
The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII...
CVE-2026-2343
The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII...
CVE-2026-2343 PeproDev Ultimate Invoice <= 2.2.5 - Unauthenticated Invoice Archive Download
The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII...
PT-2026-27640
Name of the Vulnerable Software and Affected Versions PeproDev Ultimate Invoice WordPress plugin versions through 2.2.5 Description The plugin allows for the bulk download of invoices, generating ZIP archives containing exported invoice PDFs. The ZIP file names are predictable, potentially allowi...
EUVD-2025-208926
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...
CVE-2025-10731
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is affected up to version 2.2.12. The vulnerability is a SENSITIVE INFORMATION EXPOSURE via the allReminderSettings function, allowing unauthenticated attackers to ob...
CVE-2026-31381 Gainsight Assist plugin information disclosure
An attacker can extract user email addresses PII exposed in base64 encoding via the state parameter in the OAuth callback URL...
Gainsight Assist 安全漏洞
Gainsight Assist is a customer communication template management tool developed by Gainsight Inc. There is a security vulnerability in Gainsight Assist, which stems from the state parameter in the OAuth callback URL exposing the base64-encoded user email address, potentially leading to personal...
Your tax forms sell for $20 on the dark web
Tax season is also peak season for identity theft. Criminals use stolen personal data to file fake tax returns and claim refunds before the real taxpayer does. Here’s how the fraud works, and how to protect yourself. What is Stolen Identity Refund Fraud SIRF? Stolen Identity Refund Fraud SIRF is ...
CVE-2026-32736 Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...
EUVD-2026-12981
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...
CVE-2026-32736 Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...
Inside a network of 20,000+ fake shops
We mapped a sprawling fake shop operation of over 20,000 domains, dozens of shared IP addresses and identical storefronts with different names pasted on top. They exist for one purpose: to steal your payment details and personal data. The thread that ties them all together is a browser tab title...
PT-2026-26164
Name of the Vulnerable Software and Affected Versions Hytale Modding Wiki versions prior to 1.0.0 Description An Insecure Direct Object Reference IDOR exists in the Hytale Modding Wiki. This allows any authenticated user to access personal information of mod authors, including their full names an...
Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web
Customer conversations with chatbots can include contact information and personal details that make it easier for scammers to launch phishing attacks and commit fraud...
EUVD-2026-11754
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the getitempermissionscheck method granting access to users with the...