SmarterTools SmarterMail
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability — SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the passwor
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability — SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the passwor
Linux Kernel Integer Overflow Vulnerability — Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise pri
GNU InetUtils Argument Injection Vulnerability — GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment vari
Microsoft Office Security Feature Bypass Vulnerability — Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an u
570K driver records including SSNs and banking details accessed via compromised HR system
1.9M customer records from wealth management division exposed via partner API vulnerability
1.9M veteran health records exposed via compromised community care referral system
920K brokerage account records exposed via compromised data analytics vendor
1.2M bank accounts potentially compromised in national registry breach
290K student and research records exposed via compromised research data portal
480K frequent flyer records including passport numbers accessed via loyalty program vulnerability
Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability — Broadcom VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. This could allow a malicious a
1.7M customer records exposed via compromised partner API in mobile services platform
860K merchant store records including revenue data exposed via compromised support tool
42K student records exposed via zero-day in student information system — grades and SSNs
380K customer utility records and pipeline operations data exposed via compromised SCADA vendor
2.4M patient records stolen from 65 hospitals in coordinated supply chain attack
Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craf
Versa Concerto Improper Authentication Vulnerability — Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to ac
Vite Vitejs Improper Access Control Vulnerability — Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposi
Prettier eslint-config-prettier Embedded Malicious Code Vulnerability — Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that l
2.3M patient records stolen from Australian private hospital operator
1.6M customer records from US and UK operations exposed via MOVEit successor vulnerability
Cisco Unified Communications Products Code Injection Vulnerability — Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Comm