Information Exposure
Overview shopware/core is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Information Exposure via the POST /store-api/account/login endpoint returning distinct error codes and echoing the probed email address. An attacker c...
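The advisory above describes a user-enumeration oracle: the login endpoint answers differently for a registered email than for an unknown one, and reflects the probed address back. The following is an added example, not Shopware's code. It is a differential check a tester can run on two captured responses (one for an address known to exist, one for an address known not to) and flags anything that distinguishes the cases. The JSON error envelope shape `{"errors": [{"code": ..., "detail": ...}]}`, the error-code strings and the sample responses are constructed assumptions, not output captured from a real Shopware instance.

```python
"""Differential check for user enumeration on a login endpoint.

Added example (not Shopware code). Given the response for a registered
email with a wrong password and the response for a non-existent email,
report every observable difference an attacker could use to confirm which
addresses are registered: differing HTTP status, differing error codes, or
the probed email echoed in the body.
"""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginResponse:
    status: int
    body: str


def error_codes(resp: LoginResponse) -> set:
    """Extract error codes from the (assumed) JSON error envelope."""
    try:
        data = json.loads(resp.body)
    except json.JSONDecodeError:
        return set()
    errors = data.get("errors", []) if isinstance(data, dict) else []
    return {e.get("code", "") for e in errors if isinstance(e, dict)}


def enumeration_signals(known: LoginResponse, unknown: LoginResponse,
                        probed_email: str) -> list:
    """Return the differences that leak whether `probed_email` is registered.

    `known` is the response for a registered email (wrong password);
    `unknown` is the response for an email that has no account.
    """
    signals = []
    if known.status != unknown.status:
        signals.append(f"status differs: {known.status} vs {unknown.status}")
    kc, uc = error_codes(known), error_codes(unknown)
    if kc != uc:
        signals.append(f"error codes differ: {sorted(kc)} vs {sorted(uc)}")
    for label, resp in (("known", known), ("unknown", unknown)):
        if probed_email.lower() in resp.body.lower():
            signals.append(f"{label}-account response echoes the probed email")
    return signals


# Constructed sample responses (assumed shape, not real Shopware output).
PROBE = "probe@example.com"
LEAKY_KNOWN = LoginResponse(401, json.dumps(
    {"errors": [{"code": "BAD_PASSWORD", "detail": "Wrong password"}]}))
LEAKY_UNKNOWN = LoginResponse(401, json.dumps(
    {"errors": [{"code": "ACCOUNT_NOT_FOUND",
                 "detail": f"No account for {PROBE}"}]}))

# Hardened behaviour: one status, one generic code, input never echoed.
GENERIC = json.dumps(
    {"errors": [{"code": "INVALID_CREDENTIALS",
                 "detail": "Invalid email or password"}]})
SAFE_KNOWN = LoginResponse(401, GENERIC)
SAFE_UNKNOWN = LoginResponse(401, GENERIC)


if __name__ == "__main__":
    print("leaky:", enumeration_signals(LEAKY_KNOWN, LEAKY_UNKNOWN, PROBE))
    print("hardened:", enumeration_signals(SAFE_KNOWN, SAFE_UNKNOWN, PROBE))
```

Against a live endpoint the two responses would be captured with the same wrong password for both addresses. The check compares only status, error codes and body content; a response-time difference between the two cases is a separate oracle that this comparison does not cover.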
K000160142: PostgreSQL vulnerability CVE-2021-20229
Security Advisory Description A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. CVE-2021-20229 Impact...
CVE-2025-61646 Watchlist group mode reveals authors of edits with hidden authorship
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program file includes/RecentChanges/EnhancedChangesList.php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...
CVE-2025-43542
CVE-2025-43542 involves a state-management flaw in Apple platforms that could cause password fields to be exposed when remotely controlling a device via FaceTime. Fixed in iOS 18.7.3 / iPadOS 18.7.3, macOS Tahoe 26.2, iOS 26.2 / iPadOS 26.2, macOS Sequoia 15.7.3, and visionOS 26.2. Affected compo...
CVE-2025-43360
The issue was addressed with improved UI. This issue is fixed in iOS 26 and iPadOS 26. Password fields may be unintentionally revealed...
CVE-2025-37137
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...
Linux Distros Unpatched Vulnerability : CVE-2016-2042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to 1...
DEBIAN-CVE-2024-50349
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt, i.e. without using any credential helper, it prints out the host name for whic...
CVE-2024-39901
OpenSearch Observability is a collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...
CVE-2024-39900
OpenSearch Dashboards Reports contains an access-control flaw in the reporting plugin: when accessing resources in a private tenant (e.g., notebooks), the system does not properly verify the user is the resource author, allowing unintended disclosure of private tenant resources. This is documente...
CVE-2024-39901 OpenSearch Observability does not properly restrict access to private tenant resources
OpenSearch Observability is a collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...
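Both OpenSearch entries (CVE-2024-39900 and CVE-2024-39901) describe the same class of flaw: a resource in a private tenant was returned to whoever knew its id, without checking that the caller authored it. The following is an added example, not OpenSearch code, that models the flaw and its fix in a small in-memory store. Private tenants are modelled as one tenant per user named `private:<user>`; the resource store, the user objects and the `fetch_*` functions are constructed for illustration.

```python
"""Authorship check for resources in a private tenant.

Added example (not OpenSearch code). `fetch_vulnerable` reproduces the
advisory's flaw: shared-tenant membership is enforced, but a private-tenant
resource is handed to any caller who knows its id. `fetch_fixed` adds the
missing check that the caller owns the private tenant and authored the
resource.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Resource:
    id: str
    tenant: str
    author: str
    kind: str


@dataclass(frozen=True)
class User:
    name: str
    shared_tenants: frozenset


class AccessDenied(Exception):
    pass


def private_tenant_of(user: User) -> str:
    # Assumption: each user's private tenant is named "private:<user>".
    return f"private:{user.name}"


def is_private(tenant: str) -> bool:
    return tenant.startswith("private:")


# Constructed sample store keyed by resource id.
STORE = {
    "nb-1": Resource("nb-1", "private:alice", "alice", "notebook"),
    "nb-2": Resource("nb-2", "analytics", "bob", "notebook"),
}


def _lookup(rid: str) -> Resource:
    res = STORE.get(rid)
    if res is None:
        raise KeyError(rid)
    return res


def fetch_vulnerable(user: User, rid: str) -> Resource:
    """Flawed lookup: shared tenants are checked, private ones are not."""
    res = _lookup(rid)
    if not is_private(res.tenant) and res.tenant not in user.shared_tenants:
        raise AccessDenied(f"{user.name} is not a member of {res.tenant}")
    # Private-tenant resources fall through with no authorship check.
    return res


def fetch_fixed(user: User, rid: str) -> Resource:
    """Hardened lookup: private-tenant resources require ownership + authorship."""
    res = _lookup(rid)
    if is_private(res.tenant):
        if res.tenant != private_tenant_of(user) or res.author != user.name:
            raise AccessDenied(f"{user.name} may not read {rid}")
    elif res.tenant not in user.shared_tenants:
        raise AccessDenied(f"{user.name} is not a member of {res.tenant}")
    return res


if __name__ == "__main__":
    alice = User("alice", frozenset())
    bob = User("bob", frozenset({"analytics"}))
    print("vulnerable, bob reads alice's notebook:", fetch_vulnerable(bob, "nb-1"))
    try:
        fetch_fixed(bob, "nb-1")
    except AccessDenied as exc:
        print("fixed:", exc)
```

The check is deliberately made at the point of lookup rather than in the UI that lists resources: the advisory's point is that a direct request by id bypassed whatever the listing enforced.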
Jason’s Deli Data Breach Exposes 344,000 Users in Credential Stuffing Attack
By Waqas The data breach occurred a few days before Christmas on December 21, 2023, but the details have only been revealed now. This is a post from HackRead.com Read the original post: Jason's Deli Data Breach Exposes 344,000 Users in Credential Stuffing Attack...
CVE-2023-28319
A use after free vulnerability exists in curl before v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...
normas.receita.fazenda.gov.br Cross Site Scripting vulnerability OBB-3266337
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ctf-2
This repository contains the writeup for the CSAW CTF 2015, a cybersecurity competition. The writeup is written in Polish and English, with the Polish version first. The writeup covers various challenges from the competition, including web, exploit, crypto, reversing, and forensics challenges. Ea...
Low: Red Hat Security Advisory: ovirt-ansible-roles security update
An update for ovirt-ansible-roles is now available for Red Hat Virtualization Engine 4.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
HackerOne: IDOR on Program Visibility (Revealed / Concealed) against other team members
Hi HackerOne Team, Summary: When you are a part of a program security team, you have a choice to show in your profile that you are a member of the sec team, you can also hide it if you don't want to show it to your profile, any team member can do that using your profile settings here:...
US Voting Systems Deemed Critical Infrastructure
The Department of Homeland Security has designated the U.S. voting infrastructure, including voting machines and registration databases, as critical infrastructure. On Friday, Secretary Jeh Johnson elevated the voting infrastructure to a critical infrastructure subsector under the existing...
gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack
Werner Koch reports: CVE-2013-4576 has been assigned to this security bug. The paper describes two attacks. The first attack allows one to distinguish keys: an attacker is able to notice which key is currently used for decryption. This is in general not a problem but may be used to reveal the...