59503 matches found
CVE-2026-48948
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
CVE-2026-48948 Joomla! Core - [20260702] - Incorrect Access Control in com_contact vcf download
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
CVE-2026-48948 Joomla! Core - [20260702] - Incorrect Access Control in com_contact vcf download
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
EUVD-2026-42061
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
CVE-2026-48948
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
CVE-2026-48948
CVE-2026-48948: Joomla! Core vulnerability in the com_contact vCard download suffered from an improper access check, enabling a user to download vCard exports for contacts that should be inaccessible. The issue is in Joomla core functionality (com_contact) and is described across multiple feeds (...
PT-2026-56221
Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check in the com contact component allows a user to download vCard exports of contacts that should be inaccessible. Recommendations At the moment, there is no...
[SECURITY] Fedora 44 Update: nextcloud-33.0.6-1.fc44
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
[SECURITY] Fedora 43 Update: nextcloud-33.0.6-1.fc43
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
CVE-2026-14029
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-14029 Groundhogg <= 4.5.8 - Authenticated (Custom+) SQL Injection via 'select' Parameter
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
EUVD-2026-41270
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-14029
The Groundhogg WordPress plugin (versions up to and including 4.5.8) is affected by a generic SQL Injection via the 'select' parameter. The root cause is insufficient escaping and inadequate preparation of the underlying SQL query, allowing an authenticated attacker with a custom Groundhogg role ...
CVE-2026-11592
The CVE-2026-11592 entry concerns the WordPress plugin Email Subscribers & Newsletters (formerly “Email Marketing, Post Notifications & Newsletter”). It describes an authorization bypass vulnerability affecting all versions up to and including 5.9.27. The root cause is that the plugin fails to ve...
CVE-2026-13226 Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2019-25761
Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the dealid parameter. Attackers can send GET requests to index.php with option=comjoomcrm&view=contacts and inject SQL...
Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data
Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To that end, organizations will be unable to connect to Salesforce via the app until further notice...
CVE-2026-11989
The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.7 via the uploadattachment. This makes it possible for unauthenticated attackers to make web...
EUVD-2026-37985
The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.7 via the uploadattachment. This makes it possible for unauthenticated attackers to make web...
PT-2026-50836
Name of the Vulnerable Software and Affected Versions Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation versions prior to 2.8.8 Description An issue exists where unauthenticated attackers can perform Server-Side Request Forgery SSRF, a flaw that allows a serv...