1173 matches found
GHSA-XVP7-8VM8-XFXX Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers
Summary: The GoCardless components in Actualbudget are logging responses to STDOUT in a parsed format using console.log and console.debug (which in this version of Node is an alias for console.log). This is exposing sensitive information in log files including, but not limited to: - Gocardless...
Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers
The GoCardless components in Actualbudget are logging responses to STDOUT in a parsed format using console.log and console.debug (which in this version of Node is an alias for console.log). This is exposing sensitive information in log files including, but not limited to: - Gocardless bearer...
CVE-2025-10750
The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.2.0. This is due to missing capability checks and authentication verification on the 'testUser' endpoint accessible via the moepbradminobserver function hooked ...
CVE-2025-10750 PowerBI Embed Reports <= 1.2.0 - Unauthenticated Sensitive Information Disclosure
The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.2.0. This is due to missing capability checks and authentication verification on the 'testUser' endpoint accessible via the moepbradminobserver function hooked ...
CVE-2025-10750
The CVE CVE-2025-10750 concerns the WordPress PowerBI Embed Reports plugin (
CVE-2025-62644
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users...
Prosper data breach puts 17 million people at risk of identity theft
Peer-to-peer lending marketplace Prosper detected unauthorized activity on their systems on September 2, 2025. It published an FAQ page later that month to address the incident. During the incident, the attacker stole personal information belonging to Prosper customers and loan applicants. As...
CVE-2025-62644
The RBI assistant platform (Restaurant Brands International) through 2025-09-06 is documented across connected sources to have multiple vulnerabilities. A key issue is the Global Store Directory that shares personal information among authenticated users. Additional connected details describe weak...
Restaurant Brands International assistant platform security vulnerability
Restaurant Brands International assistant platform is a restaurant back office platform from Restaurant Brands International. A security vulnerability exists in Restaurant Brands International assistant platform version 2025-09-06 and earlier, which stems from the global store catalog sharing...
EUVD-2025-34931
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users...
CVE-2025-53950
An Exposure of Private Personal Information ('Privacy Violation') vulnerability (CWE-359) in Fortinet FortiDLP Agent's Outlookproxy plugin for macOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and...
CVE-2025-42903
A vulnerability in SAP Financial Service Claims Management RFC function ICLUSERGETNAMEANDADDRESS allows user enumeration and potential disclosure of personal data through response discrepancies, causing low impact on confidentiality with no impact on integrity or availability...
CVE-2025-20329 Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid...
Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid...
Elasticsearch Leak Exposes 6 Billion Records from Scraping, Old and New Breaches
An Elasticsearch leak exposed 6 billion records from global data breaches and scraping sources, including banking and personal details tied to multiple regions...
EUVD-2025-34124
A vulnerability in SAP Financial Service Claims Management RFC function ICLUSERGETNAMEANDADDRESS allows user enumeration and potential disclosure of personal data through response discrepancies, causing low impact on confidentiality with no impact on integrity or availability...
Phishing scams exploit New York’s inflation refund program
A warning on the New York State website informs visitors that: “Scammers are calling, mailing, and texting taxpayers about income tax refunds, including the inflation refund check.” Here's the warning on the website: We can confirm that several phishing campaigns are exploiting a...