26 matches found
CVE-2026-21629
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...
EUVD-2026-17853
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...
CVE-2026-21629
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...
CVE-2026-21629
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...
Joomla! CMS 访问控制错误漏洞
Joomla! CMS is a content management system developed under the open source Joomla! framework. There is an access control vulnerability in the Joomla! CMS. This vulnerability arises from the fact that the ajax component in the administration area is excluded from the default login user checks, whi...
PT-2026-29501
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The ajax component was excluded from the default logged-in-user check in the administrative area, which may have been unexpected by third-party developers...
Italy Fines Apple €98.6 Million Over ATT Rules Limiting App Store Competition
Apple has been fined €98.6 million $116 million by Italy's antitrust authority after finding that the company's App Tracking Transparency ATT privacy framework restricted App Store competition. The Italian Competition Authority Autorità Garante della Concorrenza e del Mercato, or AGCM said the...
Google Play Store Highlights 'Independent Security Review' Badge for VPN Apps
Google is rolling out a new banner to highlight the "Independent security review" badge in the Play Store's Data safety section for Android VPN apps that have undergone a Mobile Application Security Assessment MASA audit. "We've launched this banner beginning with VPN apps due to the sensitive an...
Axis IP Camera Shell Upload Exploit
This Metasploit module exploits the "Apps" feature in Axis IP cameras. The feature allows third party developers to upload and execute eap applications on the device. The system does not validate the application comes from a trusted source, so a malicious attacker can upload and execute arbitrary...
Amazon Dismisses Claims Alexa 'Skills' Can Bypass Security Vetting Process
Researchers warn Amazon’s voice assistant Alexa is vulnerable to malicious third-party “skills” – voice assistant capabilities developed by third parties – that could leave smart-speaker owners vulnerable to a wide range of cyberattacks. The security-threat claim is roundly dismissed by Amazon...
Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking
A number of high-profile Android apps are still using an unpatched version of Google's widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking. Many popular apps, including Grindr, Bumble, OkCupid, Cisco Teams, Moovit,...
Facebook & Twitter suffer data breach via third-party developers
By Sudais Another day another breach involving Facebook, Twitter, and third-party developers. This is a post from HackRead.com Read the original post: Facebook & Twitter suffer data breach via third-party developers...
Google Is Finally Making Chrome Extensions More Secure
Third-party developers don't always build extensions with security best practices in mind. Now Google is taking steps to better protect user data...
Facebook bug exposed private photos of 6.8M users to third-party developers
By Waqas Another day, another privacy breach - This time, the social media giant Facebook has announced that a bug in its Photo API exposed private photos of over 6.8 million users to third-party app developers. The breach took place from September 13 to September 25, 2018, which means for 12 day...
Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users
Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019. Google said it discovered another critical security...
From Now On, Only Default Android Apps Can Access Call Log and SMS Data
A few hours ago the company announced its "non-shocking" plans to shut down Google+ social media network following a "shocking" data breach incident. Now to prevent abuse and potential leakage of sensitive data to third-party app developers, Google has made several significant changes giving user...
Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data
Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers. According to the tech giant, a security vulnerability in one of Google+'s People AP...
Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data
Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers. According to the tech giant, a security vulnerability in one of Google+'s People AP...
Google admits third-party app developers read your Gmail emails
By Waqas Google says third-party developers can read your Gmail because you This is a post from HackRead.com Read the original post: Google admits third-party app developers read your Gmail emails...
‘Voice-Squatting’ Turns Alexa, Google Home into Silent Spies
A team of academic researchers has tested the phonetic wherewithal of smart-home assistants Amazon Alexa and Google Home, finding it possible to closely mimic legitimate voice commands in order to carry out nefarious actions. The researchers, a composite team from Indiana University in Bloomingto...