Lucene search
K

25 matches found

CVE
CVE
added 2026/06/19 7:21 p.m.18 views

CVE-2026-49344

Mercator (open source mapping app) prior to version 2025.05.19 is affected by CVE-2026-49344. The Query Engine endpoint /admin/queries/execute does not enforce an authorization gate, allowing any authenticated account (including read-only Auditor) to query models outside the intended scope (e.g.,...

7.1CVSS5.8AI score0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/27 12:0 a.m.2 views

CVE-2025-27225

TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internaladmincontactlogin.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers...

6.3AI score0.17464EPSS
Exploits1References3
NVD
NVD
added 2025/10/15 5:15 p.m.6 views

CVE-2025-20329

A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid...

4.9CVSS0.00339EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-16854

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00549EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-5947

Malicious code in bioql PyPI...

8.7CVSS6.6AI score0.00367EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 9:17 p.m.6 views

CVE-2021-32077

Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number SSN values via a brute-force attack on a sometimes hidden search field, because the last four SSN digits are part of the supported combination of search...

7.5CVSS6.9AI score0.0122EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/02 5:18 p.m.7 views

CVE-2025-20060

An attacker could expose cross-user personal identifiable information PII and personal health information transmitted to the Android device via the Dario Health application database...

8.7CVSS6.5AI score0.00367EPSS
Exploits0References1
NVD
NVD
added 2025/02/28 5:15 p.m.7 views

CVE-2025-20060

An attacker could expose cross-user personal identifiable information PII and personal health information transmitted to the Android device via the Dario Health application database...

8.7CVSS0.00367EPSS
Exploits0References2
CVE
CVE
added 2025/02/28 4:51 p.m.87 views

CVE-2025-20060

CVE-2025-20060 affects the Dario Health Android application and its database. An attacker could expose cross-user PII and PHI transmitted via the Dario Health app database. The available documents provide impact (privacy leakage) and CVSS-derived severity (high), but do not specify affected versi...

8.7CVSS6.6AI score0.00367EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2024/04/11 7:33 p.m.34 views

How to check if your data was exposed in the AT&T breach

AT&T has notified US state authorities and regulators about its recent or not data breach, saying 51,226,382 people were affected. For those that have missed the story so far: Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T. On March 20, 2024, we reported how the data of...

7.1AI score
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.11 views

WooCommerce < 7.9.0 - Sensitive Information Exposure

Description The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to...

6.8AI score
Exploits0References1Affected Software1
Prion
Prion
added 2023/05/31 12:15 a.m.13 views

Directory traversal

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystrokes, potentially enabling them to obtain...

1.7CVSS4AI score0.00303EPSS
Exploits1References2Affected Software1
The Hacker News
The Hacker News
added 2022/03/24 7:12 a.m.35 views

Over 200 Malicious NPM Packages Caught Targeting Azure Developers

A new large scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal of stealing personal identifiable information. "After manually inspecting some of these packages, it became apparent that this was a targeted attack agains...

0.1AI score
Exploits0
ThreatPost
ThreatPost
added 2021/06/24 1:14 p.m.59 views

Tulsa’s Police-Citation Data Leaked by Conti Gang

The city of Tulsa, OK is asking some of its residents to keep a close eye on their personal and financial accounts after the Conti ransomware group leaked some 18,000 city files, mostly police citations, on the dark web. The leak stemmed from a May 6 ransomware attack that caused the city to shut...

6.7AI score
Exploits0References11
Prion
Prion
added 2021/05/06 1:15 p.m.13 views

Cross site request forgery (csrf)

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such ...

4.3CVSS6.4AI score0.00708EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2020/12/24 6:15 p.m.27 views

Code injection

On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy BLE device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offer...

5.4CVSS8.3AI score0.00446EPSS
Exploits1References1Affected Software1
Source Incite
Source Incite
added 2020/11/18 12:0 a.m.67 views

SRC-2021-0019 : Microsoft SharePoint Server ProfilePropertyLoader Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of Microsoft SharePoint Server. Authentication and user interaction is required to exploit this vulnerability. The specific flaw exists within the ProfilePropertyLoader control. The...

6.5CVSS6.1AI score0.0452EPSS
Exploits1
Hacker One
Hacker One
added 2020/06/22 9:0 p.m.14 views

U.S. Dept Of Defense: PII Leak via /████████

Summary: An attacker is able to view PII Full name/address/e-mail/phone of all website users via █████████/████████ Step-by-step Reproduction Instructions 1. Browse to ████ and login or create an account. 2. Browse to ████/███████ 3. Begin typing a name in the Select User field, and click the i...

4.6AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/02/07 10:5 a.m.10 views

culturelab.gr GDPR PII Exposure vulnerability

Open Bug Bounty ID: OBB-1086626 Security Researcher SecuWatch Helped patch 15 vulnerabilities Received 2 Coordinated Disclosure badges , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting culturelab.gr website and its users. Following...

0.2AI score
Exploits0
Akamai Blog
Akamai Blog
added 2019/09/05 2:40 p.m.81 views

How Can Akamai Identity Cloud Help With Regulatory Compliance?

Regulatory compliance related to personal identifiable information PII is continuously being enacted around the world as the amount of breaches and data abuse continues to grow. Understanding the variances between the many different privacy and data protection laws can be challenging for companie...

1.2AI score
Exploits0
Rows per page
Query Builder