1173 matches found
CVE-2025-11758 All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0.3 - Missing Authorization to Page Creation and Information Exposure
The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin exposing admin-level AJAX actions to unauthenticated users via wp_ajax_nopriv hooks, while relying onl...
PT-2025-44939
Name of the Vulnerable Software and Affected Versions: All in One Time Clock Lite versions up to and including 2.0.3. Description: The plugin exhibits unauthorized access due to a missing authorization check. Admin-level AJAX actions are exposed to unauthenticated users through wp_ajax_nopriv hooks,...
WordPress plugin All in One Time Clock Lite security vulnerability
WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports clock-in record management for employees, volunteers and contractors. An unauthorized access vulnerability exists in WordPress All in One Time Clock Lite plugin, which stems from a lack of...
How scammers use your data to create personalized tricks that work
Think of your digital footprint as your online shadow—the trail you leave behind whenever you browse, post, shop, or even appear in someone’s contact list. It’s your likes, reviews, comments, and all the little traces you didn’t mean to share. Together, they paint a picture of you—one that friend...
Ransomware gang claims Conduent breach: what you should watch for next [updated]
Update – October 30, 2025: New information confirms that Conduent’s 2024 breach has impacted over 10.5 million people, based on notifications filed with multiple state attorneys general. The largest disclosure came from the Oregon government, which reported a total of 10.5 million affected US...
CVE-2023-7320 WooCommerce <= 7.8.2 - Sensitive Information Exposure
The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to extract...
CVE-2023-7320
The CVE affects the WordPress WooCommerce plugin; versions up to 7.8.2 expose store API REST endpoints due to improper CORS handling, enabling unauthenticated access to sensitive user data (PII) from any origin. This vulnerability is caused by misconfigured Cross-Origin Resource Sharing on the St...
CVE-2025-27225
TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internaladmincontactlogin.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers...
DomeWatch Leak Exposed Personal Data of Capitol Hill Applicants
Unsecured House Democrats' resume bank DomeWatch exposed 7,000 records, including PII and "top secret" clearance status, raising identity theft fears...
Revive Adserver: Information Disclosure via “Add user” lookup in Account Management (User Access)
Version: ==revive-adserver 6.0.0==
Flow
Administrator Account
├── Management 1
│   ├── User A1
│   └── User A2
└── Management 2
    ├── User B1 leak email, contacname
    └── User B2 leak email, contacname
Summary: When a user under Management 1 navigates to User Access → Add user and enters a username, the...
CVE-2025-27225
TRUfusion Enterprise (versions
CVE-2025-11145
Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware Electronic Computer Systems Industry and Trade Inc. EnVision allows Account Footprinting. This issue...
CVE-2025-61220
The incomplete verification mechanism in the AutoBizLine com.mysecondline.app 1.2.91 allows attackers to log in as other users and gain unauthorized access to their personal information...
MySecondLine security vulnerability
MySecondLine is a virtual number mobile application from MySecondLine, Inc. in the United States. A security vulnerability exists in MySecondLine version 1.2.91, which stems from an incomplete authentication mechanism that could allow an attacker to log in as another user and obtain unauthorized...
CVE-2025-61220
The CVE-2025-61220 entry concerns AutoBizLine, app package com.mysecondline.app, version 1.2.91, where an incomplete verification/authentication mechanism permits an attacker to log in as other users and access their personal information. The Red Hat, ENISA EUVD, CIRCL, NVD, and other feeds corro...
CVE-2025-62644
The Restaurant Brands International RBI assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users...