19 matches found
CVE-2026-33755 Authenticated SQL Injection in Contact/query addressBookIds filter
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...
EUVD-2016-5671
Malware in sbrugna...
EUVD-2021-27365
Malware in sbrugna...
EUVD-2022-49565
Malicious code in bioql PyPI...
EUVD-2024-50922
Malicious code in bioql PyPI...
CVE-2024-12511
With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access...
CVE-2024-12511 SMB/FTP Address Book Scan Pass-back attack
With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access...
CVE-2024-12511 SMB/FTP Address Book Scan Pass-back attack
With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access...
CVE-2024-12511
CVE-2024-12511 is a Xerox VersaLink pass-back vulnerability affecting VersaLink MFPs (C7020/7025/7030 series) up to firmware 57.69.91. An attacker with printer/admin access and configured SMB/FTP scan could alter the user address book to redirect SMB/FTP traffic to a rogue host, allowing capture ...
Xerox Versalink Security Vulnerability
Xerox VersaLink is a line of commercial printers from Xerox Corporation USA. A security vulnerability exists in Xerox Versalink: with address book access, SMB/FTP settings can be modified, redirecting scans and potentially capturing credentials...
CVE-2021-40180
In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user's address book via wx.searchContacts...
Tencent WeChat Information Disclosure Vulnerability
Tencent WeChat 微信 is an online social networking application from the Chinese company Tencent. The program supports sending voice messages, videos, images, and text, among others. A security vulnerability exists in Tencent WeChat version 8.0.10, which stems from an applet that can obtain sensitiv...
Apple iOS Messages Component Information Disclosure Vulnerability
Apple iOS is an operating system for mobile devices developed by Apple Inc. Messages is an application component for sending text, photos and videos. An information disclosure vulnerability exists in the Messages component in versions of Apple iOS prior to 13, which can be exploited by an attacke...
Apple iOS and Apple iPadOS VoiceOver Component Lock Screen Bypass Vulnerability
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for the iPad tablet computer. VoiceOver is one of the voice assistance components. A lock screen bypass vulnerability exists in the VoiceOver...
CVE-2016-4686
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation...
CVE-2016-4686
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation...
CVE-2016-4686
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation...
Pwned by Vpon
Vpon is one of many mobile ad SDKs marketed towards mainland Chinese and Taiwanese developers and app users. Recently, FireEye mobile security researchers identified a branch of Vpon ad SDK on iOS containing code that allows a malicious actor, be it the app developer or the SDK creator, to remotely...
Server: Improper authorization checks in contacts
Due to not verifying whether a user has been granted access to an address book, authenticated users are able to access arbitrary contacts of other users. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...