25 matches found
CVE-2025-1475
The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'userphone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on t...
EUVD-2022-52563
Malicious code in bioql PyPI...
EUVD-2022-52568
Malicious code in bioql PyPI...
EUVD-2022-52562
Malicious code in bioql PyPI...
EUVD-2025-7400
Malicious code in bioql PyPI...
EUVD-2024-42780
Malicious code in bioql PyPI...
CVE-2022-30733
Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user email or phone number without permission...
CVE-2025-32884
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...
CVE-2025-32881
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...
CVE-2025-2221
The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘userphone’ parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
PT-2025-11248
Name of the Vulnerable Software and Affected Versions: WPCOM Member plugin for WordPress versions up to, and including, 1.7.6 Description: The issue is related to time-based SQL Injection via the user phone parameter due to insufficient escaping on the user-supplied parameter and lack of sufficie...
CVE-2025-1475 WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone'
The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'userphone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on t...
WordPress plugin WPCOM Member authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. An authorization issue...
The vulnerability of the Ruijie Reyee OS, related to deficiencies in data storage, allows a perpetrator to match the device serial number with the user’s phone number and a portion of the email address.
The vulnerability of the Ruijie Reyee OS is related to deficiencies in the storage of service data. Exploiting this vulnerability allows a malicious actor to match the device serial number with the user’s phone number and part of the email address...
PT-2024-9567 · Ruijie · Ruijie Reyee Os
Name of the Vulnerable Software and Affected Versions: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x Description: The issue is related to insufficient storage of service data in the Ruijie Reyee OS, which could allow a remote attacker to correlate a device's serial number with...
CVE-2022-30739
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get a user email or phone number with a normal level permission...
CVE-2022-30734
Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user email or phone number without permission...
Samsung Account log information disclosure vulnerability
Samsung Account is a cell phone account from Samsung, a South Korean company. Versions prior to Samsung Account 13.2.00.6 contain an information disclosure vulnerability that could be exploited by an attacker to obtain a user's email or phone number without permission...