
1173 matches found

Packet Storm
added 2025/12/03 12:00 a.m. | 323 views

EduplusCampus 3.0.1 Insecure Direct Object Reference

A critical insecure direct object reference vulnerability was identified in the EduplusCampus student portal version 3.0.1. This vulnerability allows an authenticated user to access the sensitive personal and financial records of other students by modifying the recno parameter in the API request...

CVSS 6.5 | AI score 6.8 | EPSS 0.00297
Exploits: 3

EUVD
added 2025/12/02 7:24 a.m. | 3 views

EUVD-2025-200214

The Zigaform plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.6.5. This is due to the plugin exposing a public AJAX endpoint that retrieves form submission data without performing authorization checks to verify ownership or access rights. Th...

CVSS 5.3 | AI score 5.4 | EPSS 0.00255
Exploits: 0 | References: 6

NVD
added 2025/11/25 7:15 p.m. | 4 views

CVE-2025-64067

Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving object-specific or filtered data (e.g., user profiles, project records) fail to implement sufficient server-side validation to confirm that the requesting user is authorized to access the requested object or dataset. This...

CVSS 5.3 | EPSS 0.00198
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/25 12:23 a.m. | 2 views

CVE-2025-65944 Sentry-Javascript deals with leaked sensitive headers when `sendDefaultPii` is set to `true`

Sentry-Javascript is an official Sentry SDK for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true, it is possible to inadvertently send certain sensitive HTTP headers, including the Cookie header, to Sentry. Those headers...

CVSS 5 | AI score 6.4 | EPSS 0.00287
Exploits: 0 | References: 4

RedhatCVE
added 2025/11/20 9:37 p.m. | 7 views

CVE-2025-12770

The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable...

CVSS 5.3 | AI score 5.7 | EPSS 0.00257
Exploits: 0 | References: 1

Malwarebytes
added 2025/11/20 1:50 p.m. | 5 views

Holiday scams 2025: These common shopping habits make you the easiest target

Every year, shoppers get faster, savvier, and more mobile. We compare prices on the go, download apps for coupons, and jump on deals before they disappear. But during deal-heavy periods like Black Friday, Cyber Monday, and the December shopping rush, convenience can work against us. Quick...

AI score 6.7
Exploits: 0

EUVD
added 2025/11/19 6:31 a.m. | 4 views

EUVD-2025-198127

The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable...

CVSS 5.3 | AI score 5.3 | EPSS 0.00257
Exploits: 0 | References: 5

NVD
added 2025/11/19 4:16 a.m. | 11 views

CVE-2025-12770

The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable...

CVSS 5.3 | EPSS 0.00257
Exploits: 0 | References: 4

Cvelist
added 2025/11/19 3:29 a.m. | 14 views

CVE-2025-12770 New User Approve <= 3.0.9 - Unauthenticated Sensitive Information Disclosure via Type Juggling

The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable...

CVSS 5.3 | EPSS 0.00257
Exploits: 0 | References: 4

Vulnrichment
added 2025/11/19 3:29 a.m. | 3 views

CVE-2025-12770 New User Approve <= 3.0.9 - Unauthenticated Sensitive Information Disclosure via Type Juggling

The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable...

CVSS 5.3 | AI score 5.4 | EPSS 0.00257
Exploits: 0 | References: 4

CVE
added 2025/11/19 3:29 a.m. | 14 views

CVE-2025-12770

CVE-2025-12770 (New User Approve, WordPress) is an unauthenticated disclosure vulnerability in versions up to 3.0.9 caused by inadequate API key validation via a loose comparison, enabling access to PII (usernames and emails) through Zapier REST endpoints when api_key is set to 0. Wordfence and o...

CVSS 5.3 | AI score 5.4 | EPSS 0.00257
Exploits: 0 | References: 4

Positive Technologies
added 2025/11/19 12:00 a.m. | 4 views

PT-2025-47423

The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable...

CVSS 5.3 | AI score 5.7 | EPSS 0.00257
Exploits: 0 | References: 5

CNNVD
added 2025/11/19 12:00 a.m. | 3 views

WordPress plugin New User Approve information disclosure vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin New User Approve, which...

CVSS 5.3 | AI score 5.7 | EPSS 0.00257
Exploits: 0 | References: 5

Malwarebytes
added 2025/11/18 2:24 p.m. | 6 views

Thieves order a tasty takeout of names and addresses from DoorDash

DoorDash is known for delivering takeout food, but last month the company accidentally served up a tasty plate of personal data, too. It disclosed a breach on October 25, 2025, where an employee fell for a social engineering attack that allowed attackers to gain account access. Breaches like thes...

AI score 6.3
Exploits: 0

Packet Storm News
added 2025/11/17 12:00 a.m. | 5 views

DualTAP: A Dual-Task Adversarial Protector for Mobile MLLM Agents

The reliance of mobile GUI agents on Multimodal Large Language Models (MLLMs) introduces a severe privacy vulnerability: screenshots containing Personally Identifiable Information (PII) are often sent to untrusted, third-party routers. These routers can exploit their own MLLMs to mine this data,...

AI score 6.8
Exploits: 0

Malwarebytes
added 2025/11/13 12:51 p.m. | 4 views

Are you paying more than other people? NY cracks down on surveillance pricing

When you search for a product online, you might think you're getting the same price as everyone else. Think again. Your price might be different based on everything from your location to what you've looked at online. Companies often use algorithms to set their prices that rely heavily on customer...

AI score 6.2
Exploits: 0

CNVD
added 2025/11/11 12:00 a.m. | 5 views

WordPress All in One Time Clock Lite plugin unauthorized access vulnerability

WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports clock-in record management for employees, volunteers and contractors. An unauthorized access vulnerability exists in WordPress All in One Time Clock Lite plugin, which stems from a lack of...

CVSS 6.5 | AI score 6.8 | EPSS 0.00221
Exploits: 0 | References: 1

CNNVD
added 2025/11/11 12:00 a.m. | 2 views

Premierturk Excavation Management Information System security vulnerability

Premierturk Excavation Management Information System is an excavation activity management system from Premierturk, Turkey. A security vulnerability exists in Premierturk Excavation Management Information System versions prior to v.10.2025.01, which originates from an externally accessible file or...

CVSS 8.1 | AI score 6.2 | EPSS 0.00243
Exploits: 0 | References: 1

Malwarebytes
added 2025/11/10 11:41 a.m. | 11 views

Watch out for Walmart gift card scams

You’ve probably seen it before—a bright, urgent message claiming you’ve qualified for a $750 or $1000 Walmart gift card. All you have to do is answer a few questions. It looks harmless enough. But once you click, you find yourself in a maze of surveys, redirects, and "partner offers"—without ever...

AI score 6.7
Exploits: 0

Akamai Blog
added 2025/11/07 1:00 p.m. | 4 views

How to Protect Personal Data in Today’s API Economy

...

AI score 7
Exploits: 0