U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons

The U.K. Electoral Commission on Tuesday disclosed a "complex" cyber attack on its systems that went undetected for over a year, allowing the threat actors to access years worth of voter data belonging to 40 million people. "The incident was identified in October 2022 after suspicious activity wa...

FCC comes down hard on robocallers with record $300m fine

Robocallers are in the news after the FCC issued a $300 million forfeiture to a persistent offender and shut down their operation. A robocall network makes use of automated software diallers to spam out large numbers of cold calls to unsuspecting recipients. These calls promise much but give very...

The vulnerability of the DigiExam online test control software lies in the lack of verification data for integrity checks. This allows a perpetrator to gain access to personal data and account information on shared computers.

The vulnerability of the DigiExam online test control software lies in the lack of control data for verifying integrity. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to personal data and account information on shared computers...

CVE-2023-23568

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...

CVE-2023-23568

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...

Input validation

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...

CVE-2023-23568

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...

CVE-2023-23568

CVE-2023-23568 affects Gallagher Command Centre Server (Command Centre) with improper privilege validation that allows authenticated unprivileged operators to modify and view Personal Data Fields. Public details enumerate affected releases: vEL8.40 and prior; vEL8.50 prior to vEL8.50.2831 (MR8); ...

CVE-2023-23568

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...

Ivanti Endpoint Manager Mobile 授权问题漏洞

Ivanti Endpoint Manager Mobile Ivanti EPMM is a mobile management software engine from Ivanti Corporation, USA. An authorization issue vulnerability exists in Ivanti Endpoint Manager Mobile version 11.10 and prior versions, which stems from an authentication bypass that could allow a remote...

Gallagher Command Centre Server 安全漏洞

Gallagher Command Centre Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A security vulnerability exists in Command Centre Server that originates from improper privilege authentication allowing authenticated, unprivileged operators to...

CVE-2023-30200

In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” ultimateimagetool in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal informations without restriction by performing a path traversal attack...

CVE-2023-30200

In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” ultimateimagetool in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal informations without restriction by performing a path traversal attack...

PrestaShop 路径遍历漏洞

PrestaShop is a set of open source e-commerce solutions from PrestaShop, USA. The solution offers multiple payment methods, short message alerts and product image zoom. A security vulnerability exists in PrestaShop versions prior to 2.1.02, which originates from a path traversal attack that can b...

DigiExam 安全漏洞

DigiExam is an exam platform from the Swedish company DigiExam. A security vulnerability exists in DigiExam version v14.0.2, which stems from a lack of integrity checking of native modules, allowing an attacker to access PII and take over accounts on a shared computer...

PT-2023-4069 · Digiexam · Digiexam

Name of the Vulnerable Software and Affected Versions: DigiExam versions up to 14.0.2 Description: The issue is related to the lack of integrity checks for native modules in DigiExam, allowing remote attackers to access personally identifiable information PII and takeover accounts on shared...

CVE-2023-30195

In the module "Detailed Order" lgdetailedorder in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal informations without restriction formatted in json...

CVE-2023-30195

In the module "Detailed Order" lgdetailedorder in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal informations without restriction formatted in json...

PrestaShop 安全漏洞

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image zoom and other features. A security vulnerability exists in PrestaShop Fast Access to Order Details 1.1.20 and earlier version...

Android Spy App LetMeSpy Suffers Major Data Breach, Exposing Users' Personal Data

Android-based phone monitoring app LetMeSpy has disclosed a security breach that allowed an unauthorized third-party to steal sensitive data associated with thousands of Android users. "As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of...