CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
Monthly
Information disclosure in XWiki Platform's LiveTableResults macro allows unauthenticated remote attackers to reconstruct user password hashes and salts one bit at a time by sending approximately 768 crafted requests with manipulated class-per-property parameters. This is a bypass of the prior fix for GHSA-5cf8-vrr8-8hjm, which failed to account for an alternate parameter path. No public exploit was identified at the time of analysis, but the technique is fully described in the vendor advisory.
Authentication bypass in Digital Operations Services Inc. WifiBurada (all versions through 21052026) allows authenticated remote attackers to access private personal information and credentials belonging to other users due to insufficient credential protection. The flaw, reported by TR-CERT and tracked as EUVD-2025-209910, carries a CVSS 7.1 score with high confidentiality impact. No public exploit was identified at the time of analysis, and the vendor has not responded to disclosure attempts.
IP address tracking across iOS, iPadOS, macOS, and visionOS allows remote attackers to correlate user activity without authentication due to improper state management (CWE-359: Exposure of Private Personal Information). The vulnerability affects default configurations across six Apple OS versions with network-accessible attack vector and low complexity. EPSS score of 0.02% (7th percentile) indicates minimal observed exploitation activity. Apple released coordinated patches across all affected platforms in March 2026 security updates.
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5 and iPadOS 26.5. An attacker with physical access may be able to use Visual Intelligence to access sensitive user data during iPhone Mirroring.
Authenticated CloudStack users can hijack volumes from other tenants' backups via the Backup plugin in versions 4.21.0.0 and 4.22.0.0. Attackers with low-privileged authenticated access can restore any user's backup volume and attach it to their own VMs, enabling complete data theft across tenant boundaries in multi-tenant environments. CVSS 8.1 reflects high confidentiality and integrity impact with low attack complexity. EPSS score of 0.01% indicates minimal observed exploitation activity, while SSVC assessment confirms non-automatable, partial technical impact with no known exploitation. Apache released patch version 4.22.0.1 addressing the access control flaw.
Improper access control in the CloudStack Backup plugin allows authenticated users in CloudStack 4.21.0.0 through 4.22.0.0 to create new virtual machines using backups belonging to other users, enabling unauthorized data access and VM provisioning. The vulnerability requires valid CloudStack credentials and access to specific backup-related APIs but carries elevated risk in multi-tenant environments. Vendor-released patch available in CloudStack 4.22.0.1.
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly retained on the device.
Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.
Sparx Systems Pro Cloud Server 6.0.163 exposes database credentials in plaintext to unauthenticated remote attackers through an unprotected information disclosure endpoint. The vulnerability enables attackers to retrieve sensitive system configuration including database passwords without authentication (CVSS:4.0 9.3 Critical, AV:N/PR:N). CISA SSVC classifies this as automatable with total technical impact, though no active exploitation is currently documented (EPSS 0.05%, no KEV listing). Patch available in version 6.1+ per vendor security advisory.
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. [CVSS 2.7 LOW]