HTMLDOC 1.9.13 - Stack Buffer Overflow

In August 2025, over 1M unique email addresses appeared in a breach allegedly obtained from Italian fashion designer Giglio. The data also included names, phone numbers and physical addresses. Giglio did not respond to repeated attempts to disclose the incident.

In June 2025, 107k unique customer email addresses were allegedly obtained from TheSqua.re, the "easiest way to find your next serviced apartment". The data also included names, phone numbers and cities which were subsequently posted to a popular hacking forum. TheSqua.re did not respond to repeated attempts to disclose the incident, however multiple impacted HIBP subscribers confirmed the legitimacy and accuracy of the data.

GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)

GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure

StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload

Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass

Lingdang CRM 8.6.4.7 - SQL Injection

In July 2025,