Craft CMS Craft CMS
Craft CMS Code Injection Vulnerability — Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.
SaaS platforms, cloud providers, developer tooling, and app-layer infrastructure are concentrated attack surfaces. One tech vendor breach can expose thousands of downstream customers. Below is every tech-sector breach LeakTrace has indexed.
Craft CMS Code Injection Vulnerability — Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability — Cisco Secure Firewall Management Center (FMC) Software a
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability — Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading
Wing FTP Server Information Disclosure Vulnerability — Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.
Google Skia Out-of-Bounds Write Vulnerability — Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerabil
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability — Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerabil
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability — n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability — Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticat
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability — SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on t
Omnissa Workspace ONE Server-Side Request Forgery — Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with
Hikvision Multiple Products Improper Authentication Vulnerability — Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and
712,904 records exposed — Email addresses, Usernames
495,556 records exposed — Display names, Email addresses, Profile photos
22,874 records exposed — Email addresses, Partial dates of birth, Usernames
1,060,191 records exposed — AI prompts, Email addresses, Forum posts, Names
450,764 records exposed — Email addresses, Names, Physical addresses
1,017 records exposed — Chat logs, Email addresses, IP addresses, Usernames
663,121 records exposed — Email addresses, Phone numbers
5,112,502 records exposed — Email addresses, Names, Phone numbers, Physical addresses
29,815,722 records exposed — Avatars, Email addresses, Geographic locations, Names and 2 more
72,742,892 records exposed — Dates of birth, Email addresses, Genders, Geographic locations and 2 more
6,215,150 records exposed — Display names, Email addresses, Geographic locations, Phone numbers and 1 more
672,247 records exposed — Email addresses, Forum posts, Passwords, Private messages and 1 more