4 matches found
EUVD-2026-42509
The WP DSGVO Tools GDPR WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export including name, postal address, pho...
CVE-2024-34991
In the module "Axepta" axepta before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information expiry date / postal address / email / etc. without restriction due to a lack of permissions control...
Tracking Secret German Organizations with Apple AirTags
A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as a "good...
DEBIAN-CVE-2011-4079
Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service slapd crash via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry...