15 matches found
EUVD-2014-5652
Malware in sbrugna...
EUVD-2014-5434
Malware in sbrugna...
EUVD-2018-2360
Malware in sbrugna...
EUVD-2013-3580
Malware in sbrugna...
RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs
Summary: Log output includes authentication token that provides full account access. Details: The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...
Adoption agency leaks over a million records
Security researcher Jeremiah Fowler found a publicly accessible database online that contained highly personal information from an adoption agency. Jeremiah, who specializes in locating exposed cloud storage, is used to finding sensitive information exposed. However, because of the nature of the...
CVE-2024-10321
CVE-2024-10321 affects the WordPress plugin All-in-One Addons for Elementor – WidgetKit (WidgetKit for Elementor) version
CVE-2024-40582
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information...
CVE-2024-53814 WordPress Analytify plugin <= 5.4.3 - Broken Access Control vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Analytify. This issue affects Analytify: from n/a through 5.4.3...
CVE-2023-37232
Loftware Spectrum through 4.6 exposes Sensitive Information Logs to an Unauthorized Actor...
PT-2024-27836 · Themesphere · Themesphere Smartmag
Name of the Vulnerable Software and Affected Versions: ThemeSphere SmartMag versions prior to 9.3.0. Description: The issue is related to Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization vulnerability. It allows excavation and accessing functionality not properl...
PT-2024-37799 · WordPress · Ctt Expresso Para Woocommerce
Name of the Vulnerable Software and Affected Versions: CTT Expresso para WooCommerce plugin for WordPress versions up to and including 3.2.12. Description: The issue concerns the exposure of sensitive information in the CTT Expresso para WooCommerce plugin for WordPress. This exposure occurs via t...
CVE-2024-29175
Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain a weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a man-in-the-middle attack that exposes sensitive session...
NETGEAR RAX40 Information Disclosure Vulnerability
The NETGEAR RAX40 is a wireless router from NETGEAR. An information disclosure vulnerability exists in versions prior to NETGEAR RAX40 1.0.3.64, which can be exploited by attackers to obtain sensitive information...
JBossEAP allows download of non-EJB class files
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform aka JBossEAP or EAP, possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain...