25 matches found
CVE-2026-49344
Mercator (open source mapping app) prior to version 2025.05.19 is affected by CVE-2026-49344. The Query Engine endpoint /admin/queries/execute does not enforce an authorization gate, allowing any authenticated account (including read-only Auditor) to query models outside the intended scope (e.g.,...
CVE-2025-27225
TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internaladmincontactlogin.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers...
CVE-2025-20329
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid...
EUVD-2024-16854
Malicious code in bioql PyPI...
EUVD-2025-5947
Malicious code in bioql PyPI...
CVE-2021-32077
Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number SSN values via a brute-force attack on a sometimes hidden search field, because the last four SSN digits are part of the supported combination of search...
CVE-2025-20060
An attacker could expose cross-user personal identifiable information PII and personal health information transmitted to the Android device via the Dario Health application database...
CVE-2025-20060
An attacker could expose cross-user personal identifiable information PII and personal health information transmitted to the Android device via the Dario Health application database...
CVE-2025-20060
CVE-2025-20060 affects the Dario Health Android application and its database. An attacker could expose cross-user PII and PHI transmitted via the Dario Health app database. The available documents provide impact (privacy leakage) and CVSS-derived severity (high), but do not specify affected versi...
How to check if your data was exposed in the AT&T breach
AT&T has notified US state authorities and regulators about its recent or not data breach, saying 51,226,382 people were affected. For those that have missed the story so far: Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T. On March 20, 2024, we reported how the data of...
WooCommerce < 7.9.0 - Sensitive Information Exposure
Description The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to...
Directory traversal
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystrokes, potentially enabling them to obtain...
Over 200 Malicious NPM Packages Caught Targeting Azure Developers
A new large scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal of stealing personal identifiable information. "After manually inspecting some of these packages, it became apparent that this was a targeted attack agains...
Tulsa’s Police-Citation Data Leaked by Conti Gang
The city of Tulsa, OK is asking some of its residents to keep a close eye on their personal and financial accounts after the Conti ransomware group leaked some 18,000 city files, mostly police citations, on the dark web. The leak stemmed from a May 6 ransomware attack that caused the city to shut...
Cross site request forgery (csrf)
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such ...
Code injection
On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy BLE device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offer...
SRC-2021-0019 : Microsoft SharePoint Server ProfilePropertyLoader Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of Microsoft SharePoint Server. Authentication and user interaction is required to exploit this vulnerability. The specific flaw exists within the ProfilePropertyLoader control. The...
U.S. Dept Of Defense: PII Leak via /████████
Summary: An attacker is able to view PII Full name/address/e-mail/phone of all website users via █████████/████████ Step-by-step Reproduction Instructions 1. Browse to ████ and login or create an account. 2. Browse to ████/███████ 3. Begin typing a name in the Select User field, and click the i...
culturelab.gr GDPR PII Exposure vulnerability
Open Bug Bounty ID: OBB-1086626 Security Researcher SecuWatch Helped patch 15 vulnerabilities Received 2 Coordinated Disclosure badges , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting culturelab.gr website and its users. Following...
How Can Akamai Identity Cloud Help With Regulatory Compliance?
Regulatory compliance related to personal identifiable information PII is continuously being enacted around the world as the amount of breaches and data abuse continues to grow. Understanding the variances between the many different privacy and data protection laws can be challenging for companie...