Live disclosure tracker · updated continuously

Technology & Software Data Breaches

SaaS platforms, cloud providers, developer tooling, and app-layer infrastructure are concentrated attack surfaces. One tech vendor breach can expose thousands of downstream customers. Below is every tech-sector breach LeakTrace has indexed.

98B+
Records Exposed
6229
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 2026 Index

Technology & Software Data Breaches (6229 indexed)

high · tech · May 20, 2026

Microsoft DirectX

Microsoft DirectX NULL Byte Overwrite Vulnerability — Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · tech · May 19, 2026

CTT

468,124 records exposed — Email addresses, Names, Phone numbers

View incident → Indexed 1 month, 3 weeks ago
high · tech · May 15, 2026

Microsoft Microsoft

Microsoft Exchange Server Cross-Site Scripting Vulnerability — Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditi

high · tech · May 14, 2026

Cisco Catalyst SD-WAN

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass a

high · tech · May 8, 2026

BerriAI LiteLLM

BerriAI LiteLLM SQL Injection Vulnerability — BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized acces

View incident → Original disclosure Indexed 2 months, 1 week ago
medium · tech · May 7, 2026

Woflow

447,593 records exposed — Email addresses, Names, Phone numbers, Physical addresses

View incident → Indexed 2 months, 1 week ago
high · tech · May 6, 2026

Palo Alto Networks PAN-OS

Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability — Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an un

View incident → Original disclosure Indexed 2 months, 1 week ago
high · tech · May 1, 2026

Linux Kernel

Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability — Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.

View incident → Original disclosure Indexed 2 months, 2 weeks ago
high · tech · Apr 28, 2026

Microsoft Windows

Microsoft Windows Protection Mechanism Failure Vulnerability — Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.

View incident → Original disclosure Indexed 2 months, 2 weeks ago
critical · tech · Apr 28, 2026

ConnectWise ScreenConnect

ConnectWise ScreenConnect Path Traversal Vulnerability — ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and cri

View incident → Original disclosure Indexed 2 months, 2 weeks ago
high · tech · Apr 27, 2026

Pitney Bowes

8,243,989 records exposed — Email addresses, Job titles, Names, Phone numbers and 1 more

View incident → Indexed 2 months, 2 weeks ago
critical · tech · Apr 24, 2026

SimpleHelp SimpleHelp

SimpleHelp Missing Authorization Vulnerability — SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be

View incident → Original disclosure Indexed 2 months, 3 weeks ago
critical · tech · Apr 24, 2026

SimpleHelp SimpleHelp

SimpleHelp Path Traversal Vulnerability — SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip).

View incident → Original disclosure Indexed 2 months, 3 weeks ago
high · tech · Apr 24, 2026

Samsung MagicINFO 9 Server

Samsung MagicINFO 9 Server Path Traversal Vulnerability — Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.

View incident → Original disclosure Indexed 2 months, 3 weeks ago
high · tech · Apr 24, 2026

D-Link DIR-823X

D-Link DIR-823X Command Injection Vulnerability — D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to

View incident → Original disclosure Indexed 2 months, 3 weeks ago
high · tech · Apr 23, 2026

Marimo Marimo

Marimo Remote Code Execution Vulnerability — Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands.

View incident → Original disclosure Indexed 2 months, 3 weeks ago
critical · tech · Apr 22, 2026

Microsoft Defender

Microsoft Defender Insufficient Granularity of Access Control Vulnerability — Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate pr

View incident → Original disclosure Indexed 2 months, 3 weeks ago
critical · tech · Apr 20, 2026

JetBrains TeamCity

JetBrains TeamCity Relative Path Traversal Vulnerability — JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed. — (Known ransomware-campaign exploita

View incident → Original disclosure Indexed 2 months, 3 weeks ago