1174 matches found
CVE-2021-37791
MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin...
CVE-2022-29578
Meridian Cooperative Utility Software versions 22.02 and 22.03 allow remote attackers to obtain sensitive information such as name, address, and daily energy usage...
Former Amazon Employee Found Guilty in 2019 Capital One Data Breach
A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the 2019 Capital One breach. Paige Thompson, who operated under the online alias "erratic" and worked for the tech...
Mattermost Server: initial_load API exposes unnecessary information
An issue was discovered in Mattermost Server before 3.1.1. The initial_load API disclosed unnecessary personal information...
Surveillance by Driverless Car
San Francisco police are using autonomous vehicles as mobile surveillance cameras. Privacy advocates say the revelation that police are actively using AV footage is cause for alarm. “This is very concerning,” Electronic Frontier Foundation (EFF) senior staff attorney Adam Schwartz told Motherboard...
6 Best Data Security Practices You Can Start Today
Given the dramatic increases in the volume and frequency of data theft due to breaches and the increased threat of cyberattacks resulting from current conflicts, organizations worldwide are prioritizing tactical and strategic efforts to shore up their data security. Here are six best practices yo...
UniverSIS UniverSIS-API SQL injection vulnerability
UniverSIS UniverSIS-API is a student information system architecture interface. A remote attacker could use this vulnerability to retrieve personal information or change grades by sending a crafted SQL statement...
Why Uploading Your Personal Data on Social Media is a Bad Idea
By Owais Sultan. Did you know almost every social media collects your personal data and sells it to third-party advertisers and… This is a post from HackRead.com. Read the original post: Why Uploading Your Personal Data on Social Media is a Bad Idea...
WordPress plugin RSVP and Event Management Plugin security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. The WordPress RSVP and Event Management plugin is vulnerable to an access control error that results from...
U.S. Dept Of Defense: ██████ SSN/EDPI
The vulnerability allowed authenticated users to request other soldiers' personally identifiable information, including their Social Security numbers and EDIPI, through a simple URL manipulation. The information was obtained by accessing the "listReviews" endpoint with a specific perID parameter...
cross-fetch security vulnerability
cross-fetch is a generic WHATWG Fetch API for Node, browsers, and React Native by Leonardo Quixada, an individual developer in the United States. A security vulnerability exists in cross-fetch that stems from exposing private personal information to unauthorized participants in the GitHub...
CVE-2022-0919
The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search others' bookings, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number ...
CVE-2022-27958
Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allow attackers to access and arbitrarily modify users' personal information...
CVE-2022-1166
The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the we...
Design/Logic Flaw
The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the we...
CVE-2022-1166
The CVE-2022-1166 issue affects the WordPress JobMonster Theme. The root cause is directory listing in the /wp-content/uploads/jobmonster/ folder due to absence of a default PHP file or .htaccess, which could expose personal data such as resumes. Public details in connected sources confirm the vu...
CVE-2022-1166 JobMonster < 4.6.6.1 - Directory Listing in Upload Folder
The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the we...
Ukraine Leaks Personal Details of 620 Alleged FSB Agents
By Deeba Ahmed. The Ukrainian Defense Ministry's Directorate of Intelligence claims the personal data includes names, phone numbers, addresses, vehicle license… This is a post from HackRead.com. Read the original post: Ukraine Leaks Personal Details of 620 Alleged FSB Agents...
Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018
The Irish Data Protection Commission (DPC) on Tuesday slapped Facebook and WhatsApp owner Meta Platforms a fine of €17 million ($18.6 million) for a series of security lapses that occurred in violation of the European Union's GDPR laws in the region. "The DPC found that Meta Platforms failed to have ...
Luna Simo security vulnerability
Luna Simo is a smartphone from the Korean company Luna. A security vulnerability exists in Luna Simo PPR1.180610.011/202001031830. The vulnerability stems from the fact that it uses HTTP to send the following personally identifiable information (PII) in clear text to a server in China...