17 matches found
EUVD-2026-34225
The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...
CVE-2026-50213 Bulk User Private Data Harvesting
The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...
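The two entries above describe the same pattern: an authenticated endpoint that takes a user identifier, returns the full profile of whoever owns it, and never checks that the caller owns it, so a crawler can walk a guessable id space and harvest every account. The following Python is an added illustrative example, not code from the affected product or from any vendor listed on this page; the handler names, the `/v1/User/validate` behaviour they imitate, and the user records are all constructed for the demonstration. It shows the missing object-level authorization check, the hardened handler beside it, and the harvest loop run against both.

```python
# Added example (not code from any product on this page). Demonstrates bulk
# profile harvesting through a "validate" endpoint that lacks an object-level
# authorization check. All identifiers and user records are constructed.

from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Profile:
    user_id: str
    email: str
    phone: str


# Constructed sample store: sequential, guessable identifiers, the precondition
# that makes enumeration cheap.
USERS: Dict[str, Profile] = {
    f"u{n:04d}": Profile(f"u{n:04d}", f"user{n}@example.com", f"+1555000{n:04d}")
    for n in range(1, 6)
}


def validate_vulnerable(caller_id: str, requested_id: str) -> Optional[dict]:
    """Hypothetical /v1/User/validate handler as the advisories describe it:
    the caller is authenticated, but any id may be requested and the whole
    profile comes back."""
    p = USERS.get(requested_id)
    if p is None:
        return None
    return {"valid": True, "email": p.email, "phone": p.phone}


def validate_hardened(caller_id: str, requested_id: str) -> Optional[dict]:
    """Same endpoint with two fixes: the caller may only validate its own id,
    and the response carries no profile fields. Denial returns the same value
    as "no such user" so the endpoint cannot be used as an existence oracle."""
    if caller_id != requested_id:
        return None
    p = USERS.get(requested_id)
    if p is None:
        return None
    return {"valid": True}


Handler = Callable[[str, str], Optional[dict]]


def harvest(handler: Handler, caller_id: str, id_space: int) -> List[dict]:
    """Walk the guessable id space the way a crawler would, collecting every
    non-empty response. The caller holds one ordinary account (caller_id)."""
    found: List[dict] = []
    for n in range(1, id_space + 1):
        r = handler(caller_id, f"u{n:04d}")
        if r is not None:
            found.append(r)
    return found


if __name__ == "__main__":
    # One low-privilege account crawling ids u0001..u0010.
    leaked = harvest(validate_vulnerable, "u0001", 10)
    print(f"vulnerable: {len(leaked)} profiles, e.g. {leaked[1]}")
    kept = harvest(validate_hardened, "u0001", 10)
    print(f"hardened:   {len(kept)} response(s), fields {sorted(kept[0])}")
```

Two design points carry the fix: the authorization decision compares the requested object to the authenticated subject (an admin scope could be added the same way), and a validation endpoint answers the validation question only, so even a future authorization bug leaks no contact data. Non-sequential identifiers and rate limiting raise the crawler's cost but do not replace the ownership check.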
Insufficient Granularity of Access Control
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Granularity of Access Control via the user handler in the resource account service. An attacker...
PT-2026-38263
Name of the Vulnerable Software and Affected Versions auth0-js versions 8.11.0 through 9.32.0 Description Improper validation in the Auth0.js SDK may allow the return of user profile data when a specifically crafted invalid ID token is used in conjunction with a valid access token. This issue...
EUVD-2025-13693
Malicious code in bioql PyPI...
CVE-2023-23299
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...
CVE-2022-40287 Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via user profile data fields.
The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting XSS vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account...
Code injection
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...
OPENSUSE-SU-2020:1042-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 78.0.2 MFSA 2020-28 bsc1173948 MFSA-2020-0003 bmo1644076 X-Frame-Options bypass using object or embed tags - Firefox Extended Support Release 78.0.2esr ESR Fixed: Security fix Fixed: Fixed an accessibility regression in...
Cisco WebEx Meeting Center Information Disclosure Vulnerability (CNVD-2017-32120)
Cisco Jabber is a cross-device collaboration system from Cisco. The system provides voice, video, desktop sharing and conferencing. An information disclosure vulnerability exists in the web interface in Cisco Jabber, which stems from the program's lack of input validation and authentication checks....
CVE-2012-2296
The Janrain Engage formerly RPX module for Drupal 6.x-1.x, 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability...
SA-CONTRIB-2012-056 - Janrain Engage - Sensitive Data Protection Vulnerability
CVE: CVE-2012-2296 Using Janrain Engage, Drupal sites can authenticate new and existing users with popular social networks, map user profile data from these websites to Drupal fields, and share Drupal content with a user's friends on their social networks. The module permanently retains the...
Facebook Vulnerable to Clickjacking Attacks
Facebook is susceptible to certain types of attacks that could allow someone to hijack an account while a user is interacting with another Web site, a security researcher warned on Monday. Researcher Nitesh Dhanjani also said a design flaw in Facebook is granting third-party apps permission to...
Security Update For Exchange Server 2016 CU10 (KB4468741)
A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data...