Langflow Code Injection Vulnerability — Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.
SaaS platforms, cloud providers, developer tooling, and app-layer infrastructure are concentrated attack surfaces. One tech vendor breach can expose thousands of downstream customers. Below is every tech-sector breach LeakTrace has indexed.
420K government contract records from Canadian IT services firm exposed in supply chain attack
222,762 records exposed — Email addresses, IP addresses, Passwords, Usernames
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Ir
1.6M enterprise customer records from S/4HANA Cloud exposed via authentication bypass
6M records from 140K+ tenants allegedly accessed via authentication bypass in legacy systems
Apple Multiple Products Improper Locking Vulnerability — Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected change
Apple Multiple Products Classic Buffer Overflow Vulnerability — Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause une
Apple Multiple Products Buffer Overflow Vulnerability — Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web con
Craft CMS Code Injection Vulnerability — Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.
Laravel Livewire Code Injection Vulnerability — Laravel Livewire contains a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios.
Customer firewall configurations and 280K support records exposed via compromised support portal
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability — Cisco Secure Firewall Management Center (FMC) Software a
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability — Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
1.1M enterprise customer support records accessed via compromised Aruba Networks portal
Wing FTP Server Information Disclosure Vulnerability — Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.
890K employee and client records exposed via compromised email system in phishing campaign
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability — Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerabil
Google Skia Out-of-Bounds Write Vulnerability — Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerabil
430K employee and business partner records stolen in DarkAngels ransomware attack
1.8M Creative Cloud subscriber records exposed via compromised customer success platform
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability — n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for
Prolific ShinyHunters group claims to have stolen data from nearly 400 websites in Experience Cloud attacks