2025 marked a continued acceleration in confirmed-breach disclosures. Below is every 2025 incident LeakTrace has indexed.
MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability — MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol head
2,364,431 records exposed — Dates of birth, Display names, Email addresses, Genders and 4 more
401,400 records exposed — Dates of birth, Email addresses, Genders, Loyalty program details and 4 more
6,341,495 records exposed — Dates of birth, Email addresses, Genders, Government issued IDs and 4 more
Digiever DS-2105 Pro Missing Authorization Vulnerability — Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi.
2.3M subscriber records leaked on hacking forum
WatchGuard Firebox Out of Bounds Write Vulnerability — WatchGuard Fireware OS iked process contains an out of bounds write vulnerability in the OS iked process. This vulnerability may allow a remote unauthenticated attac
96,320 records exposed — Dates of birth, Email addresses, Passwords, Usernames
487,226 records exposed — Email addresses, Names, Phone numbers, Physical addresses and 3 more
515,149 records exposed — Email addresses, IP addresses, Passwords, Usernames
Cisco Multiple Products Improper Input Validation Vulnerability — Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contains an improper input validation vulnerability that allows thr
ASUS Live Update Embedded Malicious Code Vulnerability — ASUS Live Update contains an embedded malicious code vulnerability client were distributed with unauthorized modifications introduced through a supply chain compro
SonicWall SMA1000 Missing Authorization Vulnerability — SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices.
Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability — Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulner
Apple Multiple Products Use-After-Free WebKit Vulnerability — Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to me
Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability — Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulne
Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability — Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability. A specially crafted H
Google Chromium Out of Bounds Memory Access Vulnerability — Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a c
OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability — OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accep
190K resident records exposed via compromised property tax and utility billing portal
560K patient device records compromised
1.8M driver records exposed via compromised background check vendor system
RARLAB WinRAR Path Traversal Vulnerability — RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.
Microsoft Windows Use After Free Vulnerability — Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.