Lucene search
K

59503 matches found

NVD
NVD
added 2026/07/07 7:16 p.m.8 views

CVE-2026-48948

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

8.8CVSS0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/07 5:29 p.m.8 views

CVE-2026-48948 Joomla! Core - [20260702] - Incorrect Access Control in com_contact vcf download

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

6.4CVSS6AI score0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/07 5:29 p.m.32 views

CVE-2026-48948 Joomla! Core - [20260702] - Incorrect Access Control in com_contact vcf download

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

6.4CVSS0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 5:29 p.m.6 views

EUVD-2026-42061

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

6.4CVSS6AI score0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:29 p.m.6 views

CVE-2026-48948

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

6.4CVSS6AI score0.0024EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/07 5:29 p.m.11 views

CVE-2026-48948

CVE-2026-48948: Joomla! Core vulnerability in the com_contact vCard download suffered from an improper access check, enabling a user to download vCard exports for contacts that should be inaccessible. The issue is in Joomla core functionality (com_contact) and is described across multiple feeds (...

8.8CVSS6AI score0.0024EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56221

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check in the com contact component allows a user to download vCard exports of contacts that should be inaccessible. Recommendations At the moment, there is no...

8.8CVSS6.1AI score0.0024EPSS
Exploits0References6
Fedora
Fedora
added 2026/07/05 1:10 a.m.14 views

[SECURITY] Fedora 44 Update: nextcloud-33.0.6-1.fc44

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

8.7CVSS7.1AI score0.01041EPSS
Exploits8
Fedora
Fedora
added 2026/07/05 12:52 a.m.11 views

[SECURITY] Fedora 43 Update: nextcloud-33.0.6-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

8.7CVSS7.1AI score0.01041EPSS
Exploits8
NVD
NVD
added 2026/07/02 10:16 a.m.8 views

CVE-2026-14029

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.00441EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.33 views

CVE-2026-14029 Groundhogg <= 4.5.8 - Authenticated (Custom+) SQL Injection via 'select' Parameter

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.00441EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/02 8:33 a.m.7 views

EUVD-2026-41270

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS5.8AI score0.00441EPSS
Exploits0References10
CVE
CVE
added 2026/07/02 8:33 a.m.16 views

CVE-2026-14029

The Groundhogg WordPress plugin (versions up to and including 4.5.8) is affected by a generic SQL Injection via the 'select' parameter. The root cause is insufficient escaping and inadequate preparation of the underlying SQL query, allowing an authenticated attacker with a custom Groundhogg role ...

6.5CVSS5.8AI score0.00441EPSS
Exploits0References10
CVE
CVE
added 2026/07/02 5:35 a.m.17 views

CVE-2026-11592

The CVE-2026-11592 entry concerns the WordPress plugin Email Subscribers & Newsletters (formerly “Email Marketing, Post Notifications & Newsletter”). It describes an authorization bypass vulnerability affecting all versions up to and including 5.9.27. The root cause is that the plugin fails to ve...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/26 1:27 a.m.37 views

CVE-2026-13226 Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.00281EPSS
Exploits0References8
NVD
NVD
added 2026/06/19 6:16 p.m.17 views

CVE-2019-25761

Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the dealid parameter. Attackers can send GET requests to index.php with option=comjoomcrm&view=contacts and inject SQL...

7.1CVSS0.00221EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/06/19 9:3 a.m.31 views

Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To that end, organizations will be unable to connect to Salesforce via the app until further notice...

6AI score
Exploits0
NVD
NVD
added 2026/06/19 6:17 a.m.14 views

CVE-2026-11989

The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.7 via the uploadattachment. This makes it possible for unauthenticated attackers to make web...

6.5CVSS0.00312EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/19 4:31 a.m.12 views

EUVD-2026-37985

The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.7 via the uploadattachment. This makes it possible for unauthenticated attackers to make web...

6.5CVSS6AI score0.00312EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-50836

Name of the Vulnerable Software and Affected Versions Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation versions prior to 2.8.8 Description An issue exists where unauthenticated attackers can perform Server-Side Request Forgery SSRF, a flaw that allows a serv...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References18
Rows per page
Query Builder