Microsoft SharePoint
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability — Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability — Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
Wing FTP Server Information Disclosure Vulnerability — Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.
1,266,822 records exposed — Dates of birth, Email addresses, Genders, Geographic locations and 5 more
105,814 records exposed — Email addresses, Purchases, Usernames
Google Skia Out-of-Bounds Write Vulnerability — Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerabil
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability — Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerabil
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability — n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for
Omnissa Workspace ONE Server-Side Request Forgery — Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability — SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on t
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability — Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticat
Hikvision Multiple Products Improper Authentication Vulnerability — Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and
712,904 records exposed — Email addresses, Usernames
22,874 records exposed — Email addresses, Partial dates of birth, Usernames
495,556 records exposed — Display names, Email addresses, Profile photos
1,060,191 records exposed — AI prompts, Email addresses, Forum posts, Names
6,077,025 records exposed — Bank account numbers, Customer service records, Dates of birth, Driver's licenses and 7 more
38,306,562 records exposed — Dates of birth, Email addresses, Genders, Names and 4 more
12,461,887 records exposed — Email addresses, IP addresses, Names, Phone numbers and 1 more
431,371 records exposed — Email addresses, Names, Phone numbers, Physical addresses
967,178 records exposed — Dates of birth, Email addresses, Names, Phone numbers and 1 more
581,877 records exposed — Device information, Email addresses, IP addresses, Names and 4 more
450,764 records exposed — Email addresses, Names, Physical addresses
623,750 records exposed — Charitable donations, Dates of birth, Email addresses, Genders and 7 more
5,600 records exposed — Dates of birth, Email addresses, Names, Places of birth and 1 more