Google Chromium
Google Chromium Out of Bounds Memory Access Vulnerability — Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a c
Latest Disclosures
OSGeo GeoServer
OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability — OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accep
City of Mississauga (Ontario)
190K resident records exposed via compromised property tax and utility billing portal
Philips Healthcare
560K patient device records compromised
Uber Technologies (2025)
1.8M driver records exposed via compromised background check vendor system
RARLAB WinRAR
RARLAB WinRAR Path Traversal Vulnerability — RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.
Microsoft Windows
Microsoft Windows Use After Free Vulnerability — Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.
Vanderbilt University
190K student and medical center records exposed via ransomware on administrative systems
Discover Financial Services
520K card holder records exposed via vulnerability in mobile banking application
D-Link Routers
D-Link Routers Buffer Overflow Vulnerability — D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (E
Array Networks ArrayOS AG
Array Networks ArrayOS AG OS Command Injection Vulnerability — Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.
KinoKong
817,808 records exposed — Email addresses, IP addresses, Names, Passwords and 1 more
Stripe vendor incident
450K merchant records exposed via third-party integration
Enbridge Inc
780K customer and pipeline operational records exposed
Sharp Corporation
340K customer records stolen
Gibson Dunn & Crutcher LLP
280K antitrust investigation records exposed via phishing attack on senior associates
Confluent (Kafka Cloud)
180K enterprise streaming configurations exposed via SSRF vulnerability in management API
City of Indianapolis
340K resident records stolen
Royal Adelaide Hospital
340K patient records exposed
Meta React Server Components
Meta React Server Components Remote Code Execution Vulnerability — Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw i
OpenPLC ScadaBR
OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability — OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload a
Amazon (Ring / Alexa)
2.8M smart home device user records exposed via misconfigured internal analytics pipeline
Android Framework
Android Framework Information Disclosure Vulnerability — Android Framework contains an unspecified vulnerability that allows for information disclosure.
Android Framework
Android Framework Privilege Escalation Vulnerability — Android Framework contains an unspecified vulnerability that allows for privilege escalation.