32 matches found
EUVD-2026-31916
Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover (Pre-ATO) vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...
PT-2025-32437 · Byd · Byd Dilink 3.0 Os
Name of the Vulnerable Software and Affected Versions: BYD DiLink 3.0 OS (affected versions not specified). Description: An incorrect encryption implementation exists in the system log dump feature. An attacker with physical access to the vehicle can bypass the encryption of log dumps on the...
CVE-2024-21514
This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed it does not have ...
CVE-2024-33003
Some OCC API endpoints in SAP Commerce Cloud allow Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a Hi...
CVE-2024-21514
CVE-2024-21514 affects opencart/opencart 0.0.0 and specifically the Divido payment extension bundled in OpenCart 3.0.3.9. The issue is an SQL injection vulnerability in the Divido module that an anonymous, unauthenticated user can exploit (even if Divido is not enabled) to gain unauthorized acces...
CVE-2024-21666
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...
CVE-2024-21667 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not...
GHSA-G273-WPPX-82W4 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
Summary: An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Details: Permissions do not seem to be enforced when reaching the /admin/customermanagementframework/gdpr-data/search-data-objects...
GHSA-C38C-C8MH-VQ68 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
Summary: An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Details: Permissions do not seem to be enforced when reaching the /admin/customermanagementframework/duplicates/list endpoint, allowing an authenticated user without the permissions t...
Hackers Leak Thousands of Idaho National Lab Employees’ PII Data
By Waqas. SiegedSec is the group responsible for the data breach at the Idaho National Laboratory (INL). This is a post from HackRead.com. Read the original post: Hackers Leak Thousands of Idaho National Lab Employees' PII Data...
The Risks of Exposing DICOM Data to the Internet
Introduction: Digital Imaging and Communications in Medicine (DICOM) is the international standard for the transmission, storage, retrieval, print, and display of medical images and related information. While DICOM has revolutionized the medical imaging industry, allowing for enhanced patient care...
What is Data Security Posture Management (DSPM)?
Data Security Posture Management is an approach to securing cloud data by ensuring that sensitive data always has the correct security posture - regardless of where it's been duplicated or moved to. So, what is DSPM? Here's a quick example: Let's say you've built an excellent security posture for...
Original BreachForums Breached, PII Data of 210K Users Sold Online
By Habiba Rashid. Have I Been Pwned, a central repository for tracking online data breaches, has confirmed the legitimacy of the stolen BreachForums data. This is a post from HackRead.com. Read the original post: Original BreachForums Breached, PII Data of 210K Users Sold Online...