CVE-2026-24898 OpenEMR has an Unauthenticated MedEx Token Disclosure
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...
Mopri - an Analysis Framework for Unveiling Privacy Violations in Mobile Apps
Everyday services of society increasingly rely on mobile applications, resulting in a conflicting situation between the possibility of participation on the one side and user privacy and digital freedom on the other. In order to protect users' rights to informational self-determination, regulatory...
EUVD-2023-40747
Malicious code in bioql PyPI...
A week in security (May 12 – May 18)
Last week on Malwarebytes Labs: Data broker protection rule quietly withdrawn by CFPB; Meta sent cease and desist letter over AI training; Google to pay $1.38 billion over privacy violations; Android users bombarded with unskippable ads. Last week on ThreatDown: ThreatDown introduces Firewall...
CVE-2024-10274 Improper Authorization in lunary-ai/lunary
An improper authorization vulnerability exists in lunary-ai/lunary version 1.5.5. The /users/me/org endpoint lacks adequate access control mechanisms, allowing unauthorized users to access sensitive information about all team members in the current organization. This vulnerability can lead to the...
PT-2025-12035 · Unknown · Lunary-Ai/Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.5.5 Description: An improper authorization issue exists due to inadequate access control mechanisms in the "/users/me/org" endpoint, allowing unauthorized users to access sensitive team member information, including...
CVE-2025-2271 IDOR in Issuetrak NewAuditID parameter via Inv_PopTrakXShow.asp
A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access to sensitive...
How to Sue a Company Under GDPR for Data Misuse and Privacy Violations
Learn how to sue companies under GDPR for data misuse. Understand your rights, file complaints, and claim compensation…
Rumble Among 15 Targets of Texas Attorney General’s Child Privacy Probe
Texas has become a leading enforcer of internet rules. Its latest probe includes some platforms that privacy experts describe as unusual suspects...
Lack of access control on /users/me/org endpoint
Description The /users/me/org route is not adequately protected by access control mechanisms such as a middleware. This lack of authorization allows unauthorized users to access information about all team members in the current organization, even if the user does not have sufficient privileges. A...
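The missing-middleware pattern the advisory above describes, shown as an added example rather than lunary's own code: a members-listing route wired with authentication only, beside the same route with an authorization middleware placed before the handler. The runner, the `requireOrgRole` middleware, the `/users/me/org`-style handler and the user records are all hypothetical and constructed for this illustration.

```javascript
// Added example (not lunary's code). Names and data are hypothetical.

// Constructed sample data: three users across two organizations.
const users = {
  u1: { id: "u1", orgId: "org1", role: "admin", email: "a@example.com" },
  u2: { id: "u2", orgId: "org1", role: "viewer", email: "b@example.com" },
  u3: { id: "u3", orgId: "org2", role: "viewer", email: "c@example.com" },
};

// Returns the e-mail of every member of one organization.
function listOrgMembers(orgId) {
  return Object.values(users)
    .filter((u) => u.orgId === orgId)
    .map((u) => u.email);
}

// Minimal Koa-style middleware runner: each function gets (ctx, next).
// A middleware that does not call next() stops the chain, which is how
// the auth checks below short-circuit the request.
function run(middlewares, ctx) {
  let index = -1;
  function dispatch(n) {
    if (n <= index) throw new Error("next() called more than once");
    index = n;
    const fn = middlewares[n];
    if (fn) fn(ctx, () => dispatch(n + 1));
  }
  dispatch(0);
  return ctx;
}

// Authentication: resolve the session to a user or answer 401.
function authenticate(ctx, next) {
  const user = users[ctx.sessionUserId];
  if (!user) {
    ctx.status = 401;
    ctx.body = { error: "unauthenticated" };
    return;
  }
  ctx.state = { user };
  next();
}

// Authorization: only callers holding `role` may continue, else 403.
function requireOrgRole(role) {
  return (ctx, next) => {
    if (ctx.state.user.role !== role) {
      ctx.status = 403;
      ctx.body = { error: "forbidden" };
      return;
    }
    next();
  };
}

// Handler for a "/users/me/org"-style route: enumerates the caller's org.
function orgMembersHandler(ctx) {
  ctx.status = 200;
  ctx.body = listOrgMembers(ctx.state.user.orgId);
}

// Vulnerable wiring: any authenticated user, whatever their role,
// reaches the handler and receives the full member list.
const vulnerableRoute = [authenticate, orgMembersHandler];

// Hardened wiring: the role check sits between authentication and the
// handler, so a low-privileged user is stopped with 403.
const hardenedRoute = [authenticate, requireOrgRole("admin"), orgMembersHandler];

// Drives one request through a route and returns the response.
function request(route, sessionUserId) {
  const ctx = { sessionUserId, status: 0, body: null, state: null };
  run(route, ctx);
  return { status: ctx.status, body: ctx.body };
}

console.log("viewer on vulnerable route:", request(vulnerableRoute, "u2"));
console.log("viewer on hardened route:  ", request(hardenedRoute, "u2"));
console.log("admin on hardened route:   ", request(hardenedRoute, "u1"));
```

The point of the two wirings is that authentication and authorization are separate checks: `authenticate` proves who the caller is, and nothing in the vulnerable chain asks whether that caller is allowed to enumerate the organization. Putting the role check in the middleware chain, rather than inside each handler, is what makes its absence on a single route visible in a review.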
Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems
Cybersecurity researchers have identified a number of security shortcomings in photovoltaic system management platforms operated by Chinese companies Solarman and Deye that could enable malicious actors to cause disruption and power blackouts. "If exploited, these vulnerabilities could allow an...
FTC Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations
The U.S. Federal Trade Commission (FTC) has barred mental telehealth company Cerebral from using or disclosing personal medical data for advertising purposes. It has also been fined more than $7 million over charges that it revealed users' sensitive personal health information and other data to...
Cookie consent choices are just being ignored by some websites
In news that is, sadly, unlikely to shock you, new research indicates that many websites ignore visitors' choices to refuse cookies and collect their data anyway. Researchers at the University of Amsterdam (UvA) analyzed 85,000 European websites and came to the conclusion that 90% of them violated a...
CVE-2024-1442
A flaw was found in Grafana where a user can set a data source's UID to '' (the empty string) via the Grafana API, and an empty UID grants unrestricted access. This poses a severe security risk: it enables unauthorized access to read, query, edit, and delete all data sources...
A New Way To Manage Your Web Exposure: The Reflectiz Product Explained
An in-depth look into a proactive website security solution that continuously detects, prioritizes, and validates web threats, helping to mitigate security, privacy, and compliance risks. Reflectiz shields websites from client-side attacks, supply chain risks, data breaches, privacy violations, a...
State of Malware 2024: What consumers need to know
Released today, the Malwarebytes State of Malware 2024 report takes a deep dive into the latest developments in the world of cybercrime. As home users, many of the threats we cover will only affect you second hand, such as disruptions after a company suffers a ransomware attack, or when your...