24 matches found
CVE-2026-44010 Craft CMS: Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure
Craft CMS is a content management system CMS. From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver src/gql/resolvers/elements/Address.php performs no schema scope filtering on top-level queries. A GraphQL API token scoped to a single low-privilege user group can read ever...
CVE-2019-12497
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents e.g., Name and mail address can be disclosed in external notes...
EUVD-2018-20450
Malware in sbrugna...
EUVD-2012-1199
Malware in sbrugna...
CVE-2025-50870
Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address as input and directly returns the corresponding student's personal information without validating the identity or permissions of the...
PT-2025-31656 · Unknown · Institute-Of-Current-Students
Name of the Vulnerable Software and Affected Versions: Institute-of-Current-Students version 1.0 Description: The software is susceptible to Incorrect Access Control. The mydetailsstudent.php endpoint allows unauthorized access to student details. The myds GET parameter accepts an email address a...
SAP ERP HCM and SAP S/4HANA Authorization Issues Vulnerability
SAP ERP HCM and SAP S/4HANA are both products of SAP, an enterprise human resource management solution, and SAP S/4HANA, an enterprise resource management software based on the SAP HANA in-memory database system. SAP ERP HCM and SAP S/4HANA have an authorization issue vulnerability that stems fro...
CVE-2022-28215
SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information...
Bykea: Improper Access Control Allows Trip Hijacking and Passenger/Driver PII Disclosure
The vulnerability discovered allowed improper access control, enabling an attacker to hijack trips and disclose passenger and driver personally identifiable information. The /acknowledgedtheoffer and /accept endpoints failed to properly validate the ownership of the tripid, allowing an attacker t...
CVE-2023-45380
CVE-2023-45380 affects the Silbersaiten PrestaShop module “Order Duplicator – Clone and Delete Existing Order”
Design/Logic Flaw
SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information...
Authorization
Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described API’s, has in its URL one or more MongoD...
U.S. Dept Of Defense: Unauthorized access to PII leads to MASS account Takeover
Hi, I hope you doing well I found a critical endpoint which disclosed the personal information which can use to takeover any account present on https://██████████ Steps: 1. Visit the link https://www.████████/███████ you will get my details, including first name and last name, mobile number and...
CVE-2016-11066
An issue was discovered in Mattermost Server before 3.2.0. The initialload API disclosed unnecessary personal information...
CVE-2016-11066
An issue was discovered in Mattermost Server before 3.2.0. The initialload API disclosed unnecessary personal information...
Razer: THX Tuneup Survey feedback disclosure via Google cached content for apps.thx.com
Summary: If you use this google dork: site:apps.thx.com, you will notice many of the links no longer work. However, in the cached versions, they contain lots of sensitive user information from users who seemingly filled out a survey, including first and last name, zip code, gender, email, country...
CVE-2012-1169
Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs. Versions 2.2 to 2.2.1+, 2.1 to 2.1.4+, 2.0 to 2.0.7+ affected...
CVE-2019-12497
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents e.g., Name and mail address can be disclosed in external notes...
CVE-2018-8842
Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to...
Code injection
Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to...