Admidio 安全漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio prior to 5.0.9 contained security vulnerabilities. These vulnerabilities...

CVE-2026-2991 KiviCare – Clinic & Patient Management System (EHR) <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the patientSocialLogin function not verifying the social provider access token before authenticating a user. This makes it...

EUVD-2020-23575

Malware in sbrugna...

CVE-2025-41092

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to time records details using unauthorised internal identifiers...

CVE-2025-41092 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to time records details using unauthorised internal identifiers...

National Public Data returns after massive Social Security Number leak

Remember that data broker nobody had ever heard of, but managed to leak a database which contained the data of some 2.9 billion people? It's back, and this time with a search function. National Public Data suffered an alleged breach in 2024 against a data base that, it turned out, carried 272...

CVE-2020-6316

SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check...

A week in security (December 9 &#8211; December 15)

Last week on Malwarebytes Labs: Encrypted messaging service intercepted, 2.3 million messages read by law enforcement TikTok ban in US: Company seeks emergency injunction to prevent it Data brokers should stop trading health and location data, new bill proposes Update now! Apple releases new...

MTN Group: Information disclosure via enabled Django Debug Mode

The Django Debug Mode was enabled, which resulted in the disclosure of error messages, API endpoints, and the ability to register arbitrary user accounts and enumerate email addresses of registered users...

CVE-2023-37627

Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. Through SQL injection, an attacker can bypass the admin panel and view order records, add items, delete items etc...

CVE-2022-26665

An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records...

Tyler Technologies Tyler Odyssey 安全漏洞

Tyler Technologies Tyler Odyssey is a court and judicial software system from Tyler Technologies, Inc. An information disclosure vulnerability exists in versions of Tyler Technologies Tyler Odyssey prior to 17.1.20, which stems from an insecure direct object reference issue in the platform. An...

CVE-2021-42633

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records...

CentOS Web Panel Input Validation Error Vulnerability (CNVD-2019-32251)

CentOS Web Panel CWP is a free web hosting control panel. An input validation error vulnerability exists in CentOS Web Panel version 0.9.8.851, which can be exploited by an attacker to access and delete DNS records of affected users...

Design/Logic Flaw

Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed...

Prison Inmates Built PCs from e-Waste and Connected Online Using Prison Network

Can you imagine your world without the Internet? I know it's hard to imagine your life without the Internet, and the same was the case of two Ohio prisoners who built personal computers from parts from e-waste, hid them in the ceiling, and connected those PCs to the Internet via the prison's...

CVE-2016-9286

framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI...