SaaS platforms, cloud providers, developer tooling, and app-layer infrastructure are concentrated attack surfaces. One tech vendor breach can expose thousands of downstream customers. Below is every tech-sector breach LeakTrace has indexed.
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability — GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized exte
6.5M client records from BPO division exposed via compromised McCamish Systems subsidiary
1.8M customer records exfiltrated from subsidiary Optus-linked systems via shared infrastructure
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability — Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code executi
14M private repository metadata records exposed via OAuth app token leakage
29,815,722 records exposed — Avatars, Email addresses, Geographic locations, Names and 2 more
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability — Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path o
570K driver records including SSNs and banking details accessed via compromised HR system
Microsoft Office Security Feature Bypass Vulnerability — Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an u
GNU InetUtils Argument Injection Vulnerability — GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment vari
Linux Kernel Integer Overflow Vulnerability — Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise pri
SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability — SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthentica
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability — SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the passwor
1.7M customer records exposed via compromised partner API in mobile services platform
Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability — Broadcom VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. This could allow a malicious a
860K merchant store records including revenue data exposed via compromised support tool
Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craf
Prettier eslint-config-prettier Embedded Malicious Code Vulnerability — Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that l
Vite Vitejs Improper Access Control Vulnerability — Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposi
Versa Concerto Improper Authentication Vulnerability — Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to ac
Cisco Unified Communications Products Code Injection Vulnerability — Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Comm
72,742,892 records exposed — Dates of birth, Email addresses, Genders, Geographic locations and 2 more
8.7M customer records exposed via compromised customer portal at largest Korean telco
Business intelligence platform breached — ShinyHunters claimed responsibility