19 matches found
keycloak: org.keycloak.services: Keycloak: Information Disclosure via evaluate-scopes Admin API
A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID (userId) parameter. This vulnerability allows for cross-role personally identifiable information (PII) leakage,...
CVE-2026-29133
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address...
CVE-2025-52602 HCL BigFix Query is affected by a sensitive information disclosure vulnerability in the WebUI Query application
HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names or IDs. An attacker can use that information to target individuals with phishing or...
From PyPI to the Dark Marketplace: How a Malicious Package Fuels the Sale of Telegram Identities
Introduction: In today’s digital era, security breaches can occur in the blink of an eye. Telegram Desktop is renowned for its secure, user-friendly messaging interface, but what if the data used to provide a seamless experience could also be your greatest problem? Our investigation into three...
Focus on What Matters Most: Exposure Management and Your Attack Surface
Read the full article for key points from Intruder's VP of Product, Andy Hornegold's recent talk on exposure management. If you'd like to hear Andy's insights first-hand, watch Intruder's on-demand webinar. To learn more about reducing your attack surface, reach out to their team today. Attack...
Broadcom Symantec Privileged Access Management Security Vulnerability
Broadcom Symantec Privileged Access Management (Broadcom Symantec PAM) is security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...
Siemens SINEMA Remote Connect Server Security Vulnerability
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. Siemens SINEMA Remote Connect Server suffers from an incorrect assignment of critical resource...
IBM Security Verify Governance Cross-Site Scripting Vulnerability
IBM Security Verify Governance is an identity and access management solution provided by IBM. It is a software system for managing and monitoring user identities, permissions and access. A cross-site scripting vulnerability exists in IBM Security Verify Governance, which can be exploited by an...
Vulnerability Revealed OpenSea NFT Market Users’ Identities
By Waqas. It was a cross-site search (XS-Search) vulnerability that could be exploited by an attacker to obtain a user's identity. This is a post from HackRead.com. Read the original post: Vulnerability Revealed OpenSea NFT Market Users Identities...
pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...
Cisco Nexus Dashboard Access Control Error Vulnerability
Cisco Nexus Dashboard is a centralized data center control panel that makes it easier to manage hybrid cloud network operations and maintenance. A security vulnerability exists in Cisco Nexus Dashboard that could be exploited by attackers to spoof user identities and send malicious requests...
IBM Engineering Requirements Quality Assistant Cross-Site Request Forgery Vulnerability
IBM Engineering Requirements Quality Assistant is a Watson AI-based software from IBM to assist developers in improving the quality of engineering requirements. The application can significantly reduce the cost of finding defects, facilitate the early detection of requirements errors in the...
Plesk CMS Access Control Error Vulnerability
Plesk CMS is a WebOps hosting platform in Switzerland, used to run, automate and grow applications, websites and hosting businesses. An access control error vulnerability exists in Plesk CMS, which stems from the product not effectively restricting user identities. An attacker could exploit this...
Facebook sued for siphoning facial recognition data without consent
Ken Paxton, the Attorney General of Texas, recently filed a lawsuit against Facebook's parent company, Meta, for harvesting the facial recognition data of millions of Texan residents—for a decade. Paxton filed the lawsuit on Monday in the state's Harrison County District Court. The suit contains...
Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability
Cisco Unified Intelligence Center is the management center for the unified communications system of the American company Cisco. A cross-site request forgery vulnerability exists in Cisco Unified Intelligence Center, which could be exploited by remote attackers to hijack the authentication o...
China Orders Apple to Monitor App Store Users and Track their Identities
China has long been known for its strict censorship which makes it difficult for foreign technology companies to do business in the world’s most populous country of over 1.35 billion people. Now, the new law issued by the Chinese government will expand its strict Internet monitoring efforts into...
Spammers steal 400k user identities from Irish recruiter!
Job seekers' identities compromised in massive data breach. The Irish job website RecruitIreland.com was hacked last week, resulting in breached systems and the theft of the credentials of 400,000 users. The website was temporarily taken offline after the breach was discovered last Tuesday. A...
RedHat Update for pam_krb5 RHSA-2008:0907-01
Check for the Version of pam_krb5. OpenVAS Vulnerability Test: RedHat Update for pam_krb5 RHSA-2008:0907-01. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...
Moderate: Red Hat Security Advisory: pam_krb5 security update
An updated pam_krb5 package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware applications to use...