Lucene search

41 matches found

Nuclei
added 16 hours ago | 8 views

TRUfusion Enterprise <= 7.10.4.0 - Admin Contact Portal

TRUfusion Enterprise versions 7.10.4.0 and earlier contained a vulnerability that allowed unauthenticated access to the Internal Admin Contact Page, resulting in the disclosure of PII including partner and contact names. id: CVE-2025-27225 info: name: TRUfusion Enterprise <= 7.10.4.0 - Admin Conta...

7.5 CVSS | 5.8 AI score | 0.21717 EPSS
Exploits 1 | References 3

RedhatCVE
added 2026/05/19 10:28 a.m. | 4 views

CVE-2026-37981

A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access (UMA) resource, to enumerate and harvest personally identifiable information (PII) for all realm users. By...

4.3 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/05/19 12:0 a.m. | 4 views

PT-2026-41871

A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access (UMA) resource, to enumerate and harvest personally identifiable information (PII) for all realm users. By...

4.3 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits 0 | References 3

GithubExploit
added 2026/05/06 8:51 p.m. | 52 views

Exploit for CVE-2026-40776

CVE-2026-40776 Eventin wp-event-solution Broken Access C...

5.8 AI score
Exploits 2

Cvelist
added 2026/04/23 6:0 a.m. | 26 views

CVE-2026-4106 HT Mega < 3.0.7 – Unauthenticated PII Disclosure

The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII such as full name, city, state and country of customers who placed orders in the last 7 days...

0.0039 EPSS
Exploits 1 | References 1

CVE
added 2026/04/23 6:0 a.m. | 25 views

CVE-2026-4106

The HT Mega Addons for Elementor WordPress plugin is affected by CVE-2026-4106, with versions before 3.0.7 exposing an unauthenticated AJAX action that returns PII (e.g., full name, city, state, country) for customers who placed orders in the last 7 days. Impact is information disclosure of custo...

5.3 CVSS | 5.8 AI score | 0.0039 EPSS
Exploits 1 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-38124

Malicious code in bioql PyPI...

7.5 CVSS | 8 AI score | 0.00583 EPSS
Exploits 2 | References 2

RedhatCVE
added 2025/06/25 12:53 a.m. | 1 views

CVE-2025-52920

Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...

6.4 CVSS | 6.7 AI score | 0.0016 EPSS
Exploits 0 | References 1

OSV
added 2025/06/23 12:15 p.m. | 2 views

CVE-2025-52920

Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...

6.4 CVSS | 6.7 AI score
Exploits 0 | References 2

Cvelist
added 2025/06/23 12:0 a.m. | 6 views

CVE-2025-52920

Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...

6.4 CVSS | 0.0016 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/06/23 12:0 a.m. | 2 views

CVE-2025-52920

Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...

6.4 CVSS | 6.2 AI score | 0.0016 EPSS
Exploits 0 | References 2

The Hacker News
added 2023/06/14 8:33 a.m. | 53 views

Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin

A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000, impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which...

6 AI score | 0.00583 EPSS
Exploits 2

OSV
added 2023/06/14 8:15 a.m. | 1 views

CVE-2023-34000

Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions...

7.5 CVSS | 7.4 AI score
Exploits 0 | References 2

NVD
added 2023/06/14 8:15 a.m. | 17 views

CVE-2023-34000

Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions...

7.5 CVSS | 7.5 AI score | 0.00583 EPSS
Exploits 2 | References 2

Prion
added 2023/06/14 8:15 a.m. | 16 views

Design/Logic Flaw

Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions...

5 CVSS | 7.5 AI score | 0.00583 EPSS
Exploits 2 | References 2 | Affected Software 1

Vulnrichment
added 2023/06/14 7:30 a.m. | 11 views

CVE-2023-34000 WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.4.0 is vulnerable to Insecure Direct Object References (IDOR)

Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions...

7.5 CVSS | 6.9 AI score | 0.00583 EPSS
Exploits 2 | References 2

CVE
added 2023/06/14 7:30 a.m. | 131 views

CVE-2023-34000

CVE-2023-34000 affects WordPress WooCommerce Stripe Payment Gateway plugin versions up to 7.4.0, with a fix in 7.4.1. The vulnerability is an unauthenticated insecure direct object reference (IDOR) that allows viewing order PII (email, name, full address) due to inadequate access control in order...

7.5 CVSS | 7.6 AI score | 0.00583 EPSS
Exploits 2 | References 2 | Affected Software 1

Cvelist
added 2023/06/14 7:30 a.m. | 21 views

CVE-2023-34000 WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.4.0 is vulnerable to Insecure Direct Object References (IDOR)

Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions...

7.5 CVSS | 7.7 AI score | 0.00583 EPSS
Exploits 2 | References 2

WPVulnDB
added 2023/03/16 12:0 a.m. | 21 views

WP Simple Shopping Cart 4.6.3 - Unauthenticated PII Disclosure

The plugin saves exported shopping cart data in a publicly accessible directory, allowing unauthenticated users to retrieve PII such as full names, email/IP address etc...

5.3 CVSS | 6.2 AI score | 0.00657 EPSS
Exploits 0 | Affected Software 1

Hacker One
added 2022/08/09 10:26 p.m. | 13 views

HackerOne: Program managers can see draft reports using Export Reports feature

A bug in the HackerOne platform allowed program managers to see draft reports using the Export Reports feature, which led to the disclosure of PII without the reporter's permission. The bug was discovered when a user exported a report and found that it contained draft and disclosed report titles,...

7 AI score
Exploits 0