20 matches found
FBI Recovers Deleted Signal Messages Through iPhone Notifications
Signal messages may persist in iPhone notification data, enabling FBI access even after deletion, a court case reveals...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the /export endpoint. An attacker can access arbitrary files on the server filesystem, including sensitive configuration files containing secrets, by sending specially crafted requests with double-encoded travers...
Vaping Is ‘Everywhere’ in Schools—Sparking a Bathroom Surveillance Boom
Schools in the US are installing vape-detection tech in bathrooms to thwart student nicotine and cannabis use. A new investigation reveals the impact of using spying to solve a problem...
Malicious code in indah-klanting97-sluey (npm)
Source: amazon-inspector b0526d34d3bef4d31a476ece16ae53d45bc3a03a6c8faf009dbcb3f53d418ab1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2004-0664
Malware in sbrugna...
CVE-2025-46414
CVE-2025-46414 affects EG4 Electronics EG4 Inverters. The vulnerability is an unlimited number of PIN-entry attempts for a registered product, enabling brute-force access if an attacker has a valid device serial number. The API provides clear feedback on correct PINs. A server-side patch was issu...
Insecure Direct Object Reference
gitlab is vulnerable to Insecure Direct Object Reference. The vulnerability allows an endpoint to reveal an issue title to the user if they craft an API call with the same issue ID...
CVE-2022-38149
A vulnerability was found in the HashiCorp Consul Template. This issue may reveal the contents of a Vault secret when used with an invalid template...
Design/Logic Flaw
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server...
Design/Logic Flaw
cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415)...
CVE-2019-10247
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...
Cross site scripting
GAuth 0.9.9 beta has stored XSS that shows a popup repeatedly and discloses cookies...
CVE-2017-16639
Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability...
Flaw in Google Home and Chromecast devices reveals user location
By Waqas. Craig Young, an IT security expert from Tripwire has found ... This is a post from HackRead.com. Read the original post: Flaw in Google Home and Chromecast devices reveals user location...
CVE-2017-7531
In Moodle 3.3, the course overview block reveals activities in hidden courses...
CVE-2016-1501
ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allows remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages...
OpenJDK Proxy mechanism information leaks (6801071)
The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors...
VulnCheck KEV: CVE-2000-0071
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions...
CVE-1999-0655
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not about any specific product, protocol, or design, so it is out of scope of CVE. Notes: the former description is: "A service may include useful information in its banner or help function such as the...
DUO-PSA-2015-001: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2015-001 Original Publication Date: 2015-02-03 Revision Date: 2015-02-10 Status: Confirmed, Fixed Document Revision: 3 Overview Duo Security has identified an issue in certain versions of the Duo Web SDK that could allow attackers to bypass prima...