Lucene search
K

24 matches found

Vulnrichment
Vulnrichment
added 2026/05/12 8:17 p.m.8 views

CVE-2026-44010 Craft CMS: Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure

Craft CMS is a content management system CMS. From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver src/gql/resolvers/elements/Address.php performs no schema scope filtering on top-level queries. A GraphQL API token scoped to a single low-privilege user group can read ever...

7.1CVSS5.8AI score0.00338EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:29 a.m.7 views

CVE-2019-12497

An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents e.g., Name and mail address can be disclosed in external notes...

5.3CVSS6.6AI score0.02008EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-20450

Malware in sbrugna...

8.8CVSS8.8AI score0.0057EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-1199

Malware in sbrugna...

5.3CVSS5.2AI score0.01777EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/08/03 2:14 p.m.12 views

CVE-2025-50870

Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address as input and directly returns the corresponding student's personal information without validating the identity or permissions of the...

9.8CVSS6.1AI score0.00358EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/01 12:0 a.m.8 views

PT-2025-31656 · Unknown · Institute-Of-Current-Students

Name of the Vulnerable Software and Affected Versions: Institute-of-Current-Students version 1.0 Description: The software is susceptible to Incorrect Access Control. The mydetailsstudent.php endpoint allows unauthorized access to student details. The myds GET parameter accepts an email address a...

9.8CVSS6.3AI score0.00358EPSS
Exploits0References4
CNVD
CNVD
added 2025/05/28 12:0 a.m.1 views

SAP ERP HCM and SAP S/4HANA Authorization Issues Vulnerability

SAP ERP HCM and SAP S/4HANA are both products of SAP, an enterprise human resource management solution, and SAP S/4HANA, an enterprise resource management software based on the SAP HANA in-memory database system. SAP ERP HCM and SAP S/4HANA have an authorization issue vulnerability that stems fro...

5.8CVSS6.7AI score0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:4 a.m.6 views

CVE-2022-28215

SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information...

4.7CVSS6.7AI score0.00789EPSS
Exploits0References1
Hacker One
Hacker One
added 2024/11/27 8:39 a.m.3 views

Bykea: Improper Access Control Allows Trip Hijacking and Passenger/Driver PII Disclosure

The vulnerability discovered allowed improper access control, enabling an attacker to hijack trips and disclose passenger and driver personally identifiable information. The /acknowledgedtheoffer and /accept endpoints failed to properly validate the ownership of the tripid, allowing an attacker t...

7AI score
Exploits0
CVE
CVE
added 2023/11/07 12:0 a.m.53 views

CVE-2023-45380

CVE-2023-45380 affects the Silbersaiten PrestaShop module “Order Duplicator – Clone and Delete Existing Order”

9.1CVSS8.4AI score0.00588EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/11/08 10:15 p.m.20 views

Design/Logic Flaw

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information...

4.3CVSS4.8AI score0.00429EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/08/22 3:15 p.m.23 views

Authorization

Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described API’s, has in its URL one or more MongoD...

5CVSS7.2AI score0.00384EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2020/12/18 4:52 p.m.15 views

U.S. Dept Of Defense: Unauthorized access to PII leads to MASS account Takeover

Hi, I hope you doing well I found a critical endpoint which disclosed the personal information which can use to takeover any account present on https://██████████ Steps: 1. Visit the link https://www.████████/███████ you will get my details, including first name and last name, mobile number and...

0.2AI score
Exploits0
NVD
NVD
added 2020/06/19 8:15 p.m.17 views

CVE-2016-11066

An issue was discovered in Mattermost Server before 3.2.0. The initialload API disclosed unnecessary personal information...

7.5CVSS0.01143EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/06/19 7:23 p.m.19 views

CVE-2016-11066

An issue was discovered in Mattermost Server before 3.2.0. The initialload API disclosed unnecessary personal information...

7.5AI score0.01143EPSS
Exploits0References1
Hacker One
Hacker One
added 2019/12/05 2:46 a.m.11 views

Razer: THX Tuneup Survey feedback disclosure via Google cached content for apps.thx.com

Summary: If you use this google dork: site:apps.thx.com, you will notice many of the links no longer work. However, in the cached versions, they contain lots of sensitive user information from users who seemingly filled out a survey, including first and last name, zip code, gender, email, country...

1.2AI score
Exploits0
UbuntuCve
UbuntuCve
added 2019/11/14 5:15 p.m.28 views

CVE-2012-1169

Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs. Versions 2.2 to 2.2.1+, 2.1 to 2.1.4+, 2.0 to 2.0.7+ affected...

5.3CVSS6.1AI score0.01777EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2019/06/17 12:0 a.m.29 views

CVE-2019-12497

An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents e.g., Name and mail address can be disclosed in external notes...

5.3CVSS4.7AI score0.02008EPSS
Exploits0
Prion
Prion
added 2018/09/26 7:29 p.m.13 views

Code injection

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to...

3.3CVSS8.5AI score0.0057EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/09/26 7:29 p.m.18 views

CVE-2018-8842

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to...

8.8CVSS7.5AI score0.0057EPSS
Exploits0References3
Rows per page
Query Builder