
1174 matches found

NVD
added 2023/05/31 12:15 a.m. · 17 views

CVE-2023-28344

An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified screenshots on behalf of students. Attackers are able to view screenshots ...

7.1 CVSS · 6.9 AI score · 0.00907 EPSS
Exploits 1 · References 2

Prion
added 2023/05/31 12:15 a.m. · 12 views

Code injection

An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified screenshots on behalf of students. Attackers are able to view screenshots ...

4.8 CVSS · 6.8 AI score · 0.00907 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2023/05/31 12:00 a.m. · 2 views

PT-2023-22579 · Prestashop · Myinventory

Name of the Vulnerable Software and Affected Versions: PrestaShop module myinventory versions 1.6.6 and earlier Description: The issue allows unauthorized access to personal information due to incorrect access control in the myinventory module. This can be exploited by a guest performing a path...

7.5 CVSS · 6.8 AI score · 0.00697 EPSS
Exploits 0 · References 3

OSV
added 2023/05/16 8:15 p.m. · 3 views

CVE-2023-30281

Insecure permissions vulnerability was discovered, due to a lack of permissions control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the module which can lead to leak of personal information from pscustomer table such as name / surnam...

6.5 CVSS · 6.6 AI score · 0.00474 EPSS
Exploits 0 · References 1

CNNVD
added 2023/05/04 12:00 a.m. · 3 views

PrestaShop security vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts, and product image scaling. A security vulnerability exists in PrestaShop scexportcustomers 3.6.1 and prior versions, which stems from th...

7.5 CVSS · 7.3 AI score · 0.0056 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/05/04 12:00 a.m. · 5 views

PT-2023-22623 · Prestashop · Prestashop Scexportcustomers

Name of the Vulnerable Software and Affected Versions: PrestaShop scexportcustomers versions 3.6.1 and earlier Description: The issue is related to Incorrect Access Control due to a lack of permissions control. This allows a guest to access exports from the module, potentially leading to a leak o...

7.5 CVSS · 7.3 AI score · 0.0056 EPSS
Exploits 0 · References 3

The Hacker News
added 2023/04/29 4:23 a.m. · 3 views

ChatGPT is Back in Italy After Addressing Data Privacy Concerns

OpenAI, the company behind ChatGPT, has officially made a return to Italy after the company met the data protection authority's demands ahead of April 30, 2023, deadline. The development was first reported by the Associated Press. OpenAI's CEO, Sam Altman, tweeted, "we're excited ChatGPT is...

6.3 AI score
Exploits 0

OSV
added 2023/04/22 6:30 p.m. · 21 views

GHSA-H83H-77X2-6W6G Information exposure in microweber

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4...

6.5 CVSS · 6.5 AI score · 0.00504 EPSS
Exploits 0 · References 4

Github Security Blog
added 2023/04/22 6:30 p.m. · 26 views

Information exposure in microweber

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4...

7.1 CVSS · 6.2 AI score · 0.00504 EPSS
Exploits 0 · References 4 · Affected Software 1

Malwarebytes
added 2023/04/21 8:15 p.m. · 160 views

US Facebook users can now claim Cambridge Analytica settlement cash

US-based Facebook users can now claim a piece of the enormous settlement payment by Meta, Facebook's parent company, over the Cambridge Analytica scandal. This news follows Meta agreeing to pay $725 million in December 2022 to settle the longstanding class action lawsuit filed by Lauren Price in...

6.4 AI score
Exploits 0

Positive Technologies
added 2023/04/21 12:00 a.m. · 5 views

PT-2023-18362 · Unknown · Rosariosis

Name of the Vulnerable Software and Affected Versions: RosarioSIS versions prior to 10.9.3 Description: The issue allows a user to access a page containing personally identifiable information (PII) and sensitive information after logging out of the application by using the browser's back button. Th...

6.5 CVSS · 4.6 AI score · 0.00538 EPSS
Exploits 0 · References 8

CNNVD
added 2023/04/08 12:00 a.m. · 2 views

ENTAB ERP security vulnerability

ENTAB ERP is an enterprise resource management system from ENTAB. A security vulnerability exists in ENTAB ERP version 1.0 that stems from the presence of a username PII leak...

5.3 CVSS · 5.7 AI score · 0.03543 EPSS
Exploits 4 · References 3

The Hacker News
added 2023/04/03 11:25 a.m. · 33 views

Italian Watchdog Bans OpenAI's ChatGPT Over Data Protection Concerns

The Italian data protection watchdog, Garante per la Protezione dei Dati Personali aka Garante, has imposed a temporary ban of OpenAI's ChatGPT service in the country, citing data protection concerns. To that end, it has ordered the company to stop processing users' data with immediate effect,...

6.4 AI score
Exploits 0

OSV
added 2023/03/22 8:15 p.m. · 0 views

UBUNTU-CVE-2023-28117

Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...

7.6 CVSS · 5.8 AI score · 0.00641 EPSS
Exploits 0 · References 5

Openbugbounty
added 2023/03/20 7:59 a.m. · 12 views

xeroxloyalty.ro GDPR PII Exposure vulnerability OBB-3227657

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

0.1 AI score
Exploits 0

ICS
added 2023/02/16 12:00 a.m. · 31 views

BD Alaris Infusion Central

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris Infusion Central --------- Begin Update A part 1 of 2 --------- Vulnerability: Storing Passwords in a Recoverable Format --------- End Update A part 1 of 2 --------- 2...

7.3 CVSS · 7.1 AI score · 0.00162 EPSS
Exploits 0 · References 6

SUSE CVE
added 2023/02/15 4:11 a.m. · 3 views

SUSE CVE-2019-12497

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes...

5.3 CVSS · 5.1 AI score · 0.02008 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/02/01 12:00 a.m. · 5 views

PT-2023-2974 · Faronics · Faronics Insight

Name of the Vulnerable Software and Affected Versions: Faronics Insight version 10.0.19045 Description: An issue in Faronics Insight allows every keystroke made by any user on a computer with the Student application installed to be logged to a world-readable directory. This enables a local attack...

4.9 CVSS · 6.8 AI score · 0.00303 EPSS
Exploits 1 · References 4

OSV
added 2023/01/26 9:15 p.m. · 4 views

CVE-2022-20458

The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey directly in logs, whic...

5.5 CVSS · 5.8 AI score · 0.00123 EPSS
Exploits 0 · References 1

The Hacker News
added 2023/01/25 7:43 a.m. · 2 views

LastPass Parent Company GoTo Suffers Data Breach, Customers' Backups Compromised

LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service...

6.5 AI score
Exploits 0