
33 matches found

RedhatCVE
added last week · 7 views

CVE-2026-46337

WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded...

CVSS 6.9 · AI score 5.6 · EPSS 0.00071
Exploits: 1 · References: 1
ATTACKERKB
added 2026/06/02 4:44 p.m. · 9 views

CVE-2026-40571

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...

CVSS 5.3 · AI score 5.8 · EPSS 0.00043
Exploits: 0 · References: 2
CVE
added 2026/06/02 4:08 p.m. · 9 views

CVE-2026-40314

NamelessMC (Minecraft server website software) 2.2.4 is affected by an authorization issue where core/classes/Misc/ProfilePostReactionContext.php only verifies the wall post exists and fails to enforce blocked/private-profile visibility, while modules/Core/queries/reactions.php permits unauthenti...

CVSS 6.9 · AI score 5.8 · EPSS 0.00054
Exploits: 0 · References: 1
Cvelist
added 2026/06/02 4:08 p.m. · 33 views

CVE-2026-40314 NamelessMC: Reactions on private or blocking profile posts can be read and modified without proper authorization

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

CVSS 6.9 · EPSS 0.00054
Exploits: 0 · References: 1
Positive Technologies
added 2026/06/02 12:00 a.m. · 8 views

PT-2026-45802

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

CVSS 6.9 · AI score 5.8 · EPSS 0.00054
Exploits: 0 · References: 2
Positive Technologies
added 2026/06/02 12:00 a.m. · 8 views

PT-2026-45803

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...

CVSS 5.3 · AI score 5.8 · EPSS 0.00043
Exploits: 0 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-18955

Malware in sbrugna...

CVSS 5.3 · AI score 5.2 · EPSS 0.00119
Exploits: 0 · References: 5
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-16340

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.0039
Exploits: 1 · References: 3
Positive Technologies
added 2025/03/31 12:00 a.m. · 3 views

PT-2025-13859 · Drupal · Drupal Profile Private

Name of the Vulnerable Software and Affected Versions: Drupal Profile Private version . Description: The issue affects the private profile functionality. Recommendations: For version ., consider updating to a newer version that addresses this issue, if available. At the moment, there is no...

CVSS 5.3 · AI score 6.2 · EPSS 0.00626
Exploits: 0 · References: 4
Tenable Nessus
added 2024/05/17 12:00 a.m. · 16 views

GitLab 12.2 < 13.4.7 / 13.5 < 13.5.5 / 13.6 < 13.6.2 (CVE-2020-26408)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to < 13.4.7, >= 13.5 to < 13.5.5, and >= 13.6 to < 13.6.2 that allows an attacker to view limited information in user's...

CVSS 5.3 · AI score 5.7 · EPSS 0.00119
Exploits: 0 · References: 4
NVD
added 2020/12/11 4:15 a.m. · 13 views

CVE-2020-26408

A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to < 13.4.7, >= 13.5 to < 13.5.5, and >= 13.6 to < 13.6.2 that allows an attacker to view limited information in user's private profile...

CVSS 5.3 · AI score 4.9 · EPSS 0.00119
Exploits: 0 · References: 3
OSV
added 2020/12/11 4:15 a.m. · 0 views

UBUNTU-CVE-2020-26408

A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to < 13.4.7, >= 13.5 to < 13.5.5, and >= 13.6 to < 13.6.2 that allows an attacker to view limited information in user's private profile...

CVSS 5.3 · AI score 6 · EPSS 0.00119
Exploits: 0 · References: 6
Cvelist
added 2020/12/11 3:29 a.m. · 17 views

CVE-2020-26415

Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab =12.2 to =13.5 to =13.6 to 13.6.2...

CVSS 4.3 · AI score 4.3 · EPSS 0.00161
Exploits: 0 · References: 2
Positive Technologies
added 2020/12/11 12:00 a.m. · 1 view

PT-2020-16415 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: Gitlab CE/EE versions 12.2 through 13.4.6; Gitlab CE/EE versions 13.5 through 13.5.4; Gitlab CE/EE versions 13.6 through 13.6.1. Description: A limited information disclosure issue exists that allows an attacker to view limited information in a...

CVSS 5.3 · AI score 4.9 · EPSS 0.00119
Exploits: 0 · References: 11
CNNVD
added 2020/12/10 12:00 a.m. · 4 views

GitLab Information Disclosure Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab that originates...

CVSS 4.3 · AI score 5.8 · EPSS 0.00161
Exploits: 0 · References: 3
Hacker One
added 2019/09/29 6:09 p.m. · 16 views

GitLab: View the Starred Projects in a Private Profile

Summary It is possible to view the starred Projects in a private profile. Consider my profile for instance, https://gitlab.com/maruthi-adithya . This is a private profile and none of my account-related information should be leaked. However, https://gitlab.com/users/maruthi-adithya/starred.json...

AI score 0.2
Exploits: 0
NVD
added 2019/09/09 8:15 p.m. · 13 views

CVE-2019-6782

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure issue 1 of 6. An authorization issue allows the contributed project information of a private profile to be viewed...

CVSS 7.5 · AI score 7 · EPSS 0.0039
Exploits: 1 · References: 2
Debian CVE
added 2019/09/09 7:17 p.m. · 20 views

CVE-2019-6782

Removed by vendor...

CVSS 7.5 · AI score 7.1 · EPSS 0.0039
Exploits: 1
OpenVAS
added 2019/07/03 12:00 a.m. · 163 views

Windows Defender Firewall: Private Profile: Allow unicast response

The policy determines whether unicast responses to multicast or broadcast messages for a private connection will be blocked. Copyright (C) 2019 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it under the terms o...

AI score 7.3
Exploits: 0
OpenVAS
added 2019/07/03 12:00 a.m. · 14 views

Windows Defender Firewall: Private Profile: Apply local connection security rules

The policy determines whether the local connection rules are merged with GP settings when connected to a private network. Copyright (C) 2019 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it under the terms of t...

AI score 7
Exploits: 0