8 matches found
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link...
CVE-2026-41183
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...
CVE-2026-2458
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint.. Mattermost Advisory ID:...
BIT-MOODLE-2025-3628 Moodle: moodle assignment submission search leaks anonymous student identities
A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities...
USN-7692-1 request-tracker5 vulnerabilities
It was discovered that Request Tracker was susceptible to timing attacks. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS. CVE-2021-38562 It was discovered that Request Tracker was susceptible to cross-site scripting attacks whe...
CVE-2025-3628 Moodle: moodle assignment submission search leaks anonymous student identities
A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities...
Apple iOS和Apple iPadOS 授权问题漏洞
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in iOS before 14.5 and iPadOS before 14.5, which stems from a possible...
Elastic Stack 7.9.0 and 6.8.12 Security Update
Elasticsearch field disclosure flaw ESA-2020-12 A field disclosure flaw was found in Elasticsearch when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This...