This page collects WhisperX intelligence signals tagged #data-exposure. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security vulnerability allows any unauthenticated user to download all files uploaded to the system. The file download endpoint `/api/files/` lacks the mandatory authentication middleware, creating a direct path for anonymous data access. This authentication bypass stands in stark contrast to all other file ...
A high-severity vulnerability (CVE-2022-0155) has been detected in the widely used `follow-redirects` npm library, exposing private personal information to unauthorized actors. The flaw, with a CVSS score of 8.0, resides in version 1.5.10 of the library, which is a core dependency for handling HTTP and HTTPS redirects....
A critical authentication bypass flaw in the Observal application allows unauthenticated users to gain full access to its protected dashboard and internal pages. The vulnerability is triggered by a simple URL manipulation: removing the `/login` path from the application's address. This exposes the primary dashboard, th...
Security researchers have raised concerns after discovering that Persona, a company specializing in age verification services, left its front end exposed, according to reports surfacing in the security community. The exposure, details of which emerged through researcher analysis shared on Hacker News, suggests a potent...
A now-patched Supabase configuration flaw left the user database of baseball platform ninthinning.email exposed to public email enumeration for an extended period before production access was revoked on April 30, 2026. Pull request #80 resolved the vulnerability, which resided in the `public.mlb_users` view—a Postgres ...
A security review of a single-page presenter deck has uncovered a medium-severity exposure in which confidential commercial-validation strategy was embedded directly into HTML source code, visible to anyone with access to the page. The document, a private presentation intended for nine named principals, contained expli...
A critical authorization bypass vulnerability has been identified in Casazen's booking system, leaving all booking endpoints accessible without authentication. The issue stems from an authorization attribute that was commented out in the BookingsController during debugging and never re-enabled before deployment. Securi...