
542 matches found

Snyk
added 2026/06/15 5:25 p.m. | 5 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview: @angular/service-worker is an Angular - service worker tooling! Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the newHeaders function. An attacker can obtain sensitive credentials and session identifiers by...

CVSS 8.3 | AI score 5.9 | EPSS 0.00404
Exploits: 0 | References: 2

EUVD
added 2026/06/11 6:47 p.m. | 7 views

EUVD-2025-210121

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information...

CVSS 5.5 | AI score 5.4 | EPSS 0.00127
Exploits: 0 | References: 3

EUVD
added 2026/06/09 7:33 a.m. | 12 views

EUVD-2026-35368

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and i...

CVSS 6.1 | AI score 5.4 | EPSS 0.00406
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:41 p.m. | 10 views

CVE-2025-15623

Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. An unauthenticated user can retrieve the database password in plaintext in certain situations...

CVSS 9.3 | AI score 5.5 | EPSS 0.00261
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:39 p.m. | 8 views

CVE-2026-7382

Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerability in MeWare Software Development Inc. PDKS allows Excavation. This issue affects PDKS: from V16.20200313 before VMYR3.5.2025117...

CVSS 6.5 | AI score 5.5 | EPSS 0.00344
Exploits: 0 | References: 1

CVE
added 2026/05/21 12:41 p.m. | 16 views

CVE-2025-13477

The CVE-2025-13477 entry concerns WifiBurada (Digital Operations Services Inc.) with an Authentication Bypass due to Insufficiently Protected Credentials, exposing private data. Affected through 21052026; CVSS 3.1 base score 7.1 (HIGH) with Network attack vector, low complexity, low privileges re...

CVSS 7.1 | AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 1

RedhatCVE
added 2026/05/12 8:21 p.m. | 12 views

CVE-2026-28922

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information...

CVSS 6.5 | AI score 5.8 | EPSS 0.00322
Exploits: 0 | References: 1

Snyk
added 2026/05/12 5:22 p.m. | 10 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview: org.apache.tomcat:tomcat-websocket is a Tomcat WebSocket JSR356 implementation. Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor in WebSocket client during authentication. An attacker can obtain sensitive HTTP...

CVSS 7.3 | AI score 5.8 | EPSS 0.00548
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/11 8:7 p.m. | 6 views

CVE-2026-28922

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information...

AI score 5.8 | EPSS 0.00322
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/11 12:0 a.m. | 7 views

PT-2026-39785

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information...

AI score 5.8 | EPSS 0.00322
Exploits: 0 | References: 3

Snyk
added 2026/05/07 9:16 p.m. | 7 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview: Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the Email field in the Comment model exposed through unauthenticated public API endpoints. An attacker can obtain the email addresses of all guest commenters by makin...

CVSS 6.9 | AI score 5.8
Exploits: 0 | References: 2

Snyk
added 2026/05/07 9:16 p.m. | 7 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview: Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the Email field in the Comment model exposed through unauthenticated public API endpoints. An attacker can obtain the email addresses of all guest commenters by makin...

CVSS 6.9 | AI score 5.8
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/27 5:34 p.m. | 5 views

CVE-2026-31689

In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edac_mc_alloc() When the mci->pvt_info allocation in edac_mc_alloc() fails, the error path will call put_device() which will end up calling the device's release function. However, the init ordering is wrong...

AI score 5.2 | EPSS 0.00115
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2026/04/02 7:18 p.m. | 3 views

CVE-2024-44219

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information...

CVSS 7.5 | EPSS 0.0034
Exploits: 0 | References: 1

CVE
added 2026/04/02 6:11 p.m. | 11 views

CVE-2024-44219

CVE-2024-44219 affects macOS Sequoia (15.1) where a permissions issue could allow a malicious application with root privileges to access private information. Public documents confirm the flaw and its fix in Sequoia 15.1; remediation is to upgrade to macOS 15.1 or later. The exact root cause is de...

CVSS 7.5 | AI score 5.8 | EPSS 0.0034
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/03/30 1:17 p.m. | 20 views

CVE-2026-3321 Authorization Bypass in ON24 Q&A chat

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...

CVSS 8.7 | EPSS 0.00287
Exploits: 0 | References: 1

Cvelist
added 2026/02/11 10:58 p.m. | 21 views

CVE-2026-20603

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information...

EPSS 0.0013
Exploits: 0 | References: 1

CVE
added 2026/02/11 10:58 p.m. | 15 views

CVE-2026-20603

CVE-2026-20603 affects macOS Tahoe prior to 26.3, where an app with root privileges may access private information due to insufficient redaction of sensitive data. The issue is resolved in macOS Tahoe 26.3. Remediation: update to Tahoe 26.3 or later to apply the fix. This aligns with public advis...

CVSS 4.4 | AI score 5.4 | EPSS 0.0013
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/02/11 10:58 p.m. | 4 views

CVE-2026-20603

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information...

AI score 5.4 | EPSS 0.0013
Exploits: 0 | References: 2

OSV
added 2026/02/05 3:20 a.m. | 3 views

GO-2026-4421 Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability in github.com/apache/answer

Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability in github.com/apache/answer. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positiv...

CVSS 7.5 | AI score 5.4 | EPSS 0.00619
Exploits: 0 | References: 4