#information disclosure

🌍 Web Vulnerabilities Beginner Web CVE-2026-30847

Wekan 8.31.0 – 8.33 Meteor DDP notificationUsers Sensitive Data Exposure (CVE-2026-30847)

A sensitive data exposure vulnerability in Wekan versions 8.31.0 through 8.33 allows any authenticated user to subscribe to the Meteor DDP publication "notificationUsers" and retrieve sensitive user documents including bcrypt password hashes, login session tokens, and email information due to missing authorization and field projection.

Mar 16, 2026 · 4 min read · Other

#information disclosure #Session Tokens #Data Leak #Password Hash Leak

🌍 Web Vulnerabilities Intermediate Web CVE-2026-28358

NocoDB ≤ 0.301.2 User Enumeration via Password Reset Endpoint (CVE-2026-28358)

A user enumeration vulnerability in NocoDB versions up to 0.301.2 allows attackers to determine whether an email address is registered by analyzing responses from the password reset endpoint. This issue may allow attackers to collect valid user accounts for further attacks.

Mar 4, 2026 · 3 min read · Other

#information disclosure #Security Research #User Enumeration #NocoDB

📋 windows Intermediate Windows CVE-2025-24071

Windows File Explorer NTLM Hash Disclosure via .library-ms Archive (CVE-2025-24071)

A vulnerability in Windows File Explorer causes NTLM authentication requests to be automatically triggered when extracting malicious .library-ms files from ZIP archives, potentially leaking NTLM hashes to an attacker-controlled SMB server.

May 27, 2025 · 2 min read · Other

#cybersecurity #smb attack #windows explorer vulnerability #ntlm hash disclosure

Wekan 8.31.0 – 8.33 Meteor DDP notificationUsers Sensitive Data Exposure (CVE-2026-30847)

NocoDB ≤ 0.301.2 User Enumeration via Password Reset Endpoint (CVE-2026-28358)

Windows File Explorer NTLM Hash Disclosure via .library-ms Archive (CVE-2025-24071)

Stay updated on new research