59487 matches found

Positive Technologies
added 2026/06/01 12:0 a.m., 20 views

PT-2026-45585

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score: 6, EPSS: 0.00094
Exploits: 0, References: 2

OSV
added 2026/06/01 12:0 a.m., 12 views

ASB-A-465133716

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 7.8, AI score: 6, EPSS: 0.00094
Exploits: 0, References: 2

NVD
added 2026/05/27 9:16 a.m., 12 views

CVE-2025-13167

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

CVSS: 5.4, EPSS: 0.00254
Exploits: 0, References: 1

Vulnrichment
added 2026/05/27 8:34 a.m., 10 views

CVE-2025-13167

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00254
Exploits: 0, References: 1

CVE
added 2026/05/27 8:34 a.m., 15 views

CVE-2025-13167

Technical details (affected versions, root cause, and fixes) are not publicly available in the provided documents. Monitor for updates from Synology advisory and CVE records.

CVSS: 5.4, AI score: 5.8, EPSS: 0.00254
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2026/05/27 8:34 a.m., 13 views

EUVD-2025-209954

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00254
Exploits: 0, References: 1

Cvelist
added 2026/05/27 8:34 a.m., 31 views

CVE-2025-13167

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

CVSS: 5.4, EPSS: 0.00254
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/27 8:34 a.m., 14 views

CVE-2025-13167

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00254
Exploits: 0, References: 2

Positive Technologies
added 2026/05/27 12:0 a.m., 15 views

PT-2026-43584

Name of the Vulnerable Software and Affected Versions: Synology Contacts versions prior to 1.0.10-20659. Description: Improper neutralization of input during web page generation leads to a Cross-site Scripting (XSS) issue in the contact functionality. This allows remote authenticated users to read or...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00254
Exploits: 0, References: 3

CVE
added 2026/05/26 5:7 p.m., 26 views

CVE-2026-44706

Chatwoot (versions 2.2.0–4.11.1) is affected by a SQL injection in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the is_greater_than or is_less_than operators, values are interpolated directly into the SQL query without parameterizatio...

CVSS: 8.5, AI score: 6.1, EPSS: 0.00227
Exploits: 1, References: 1

ATTACKERKB
added 2026/05/26 5:7 p.m., 8 views

CVE-2026-44706

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the is_greater_than or is_less_than operators, user-supplied values in the values...

CVSS: 8.5, AI score: 6.1, EPSS: 0.00227
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2026/05/26 5:7 p.m., 10 views

CVE-2026-44706 Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the is_greater_than or is_less_than operators, user-supplied values in the values...

CVSS: 8.5, AI score: 6.1, EPSS: 0.00227
Exploits: 1, References: 1

NVD
added 2026/05/15 10:16 a.m., 17 views

CVE-2026-41961

Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS: 5.9, EPSS: 0.00078
Exploits: 0, References: 1

EUVD
added 2026/05/15 9:22 a.m., 10 views

EUVD-2026-30524

Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00078
Exploits: 0, References: 1

CVE
added 2026/05/15 9:22 a.m., 15 views

CVE-2026-41961

Technical details about CVE-2026-41961 are not publicly available in the provided documents. Monitor for updates from Huawei and CVE/NVD sources for affected products, versions, root cause, and remediation.

CVSS: 5.9, AI score: 5.8, EPSS: 0.00078
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/15 9:22 a.m., 7 views

CVE-2026-41961

Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00078
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/05/15 9:22 a.m., 8 views

CVE-2026-41961

Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00078
Exploits: 0, References: 1

Cvelist
added 2026/05/15 9:22 a.m., 44 views

CVE-2026-41961

Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS: 5.9, EPSS: 0.00078
Exploits: 0, References: 1

Positive Technologies
added 2026/05/15 12:0 a.m., 10 views

PT-2026-41282

Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00078
Exploits: 0, References: 2

EUVD
added 2026/05/11 9:31 p.m., 11 views

EUVD-2026-29244

A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts without user consent...

AI score: 5.8, EPSS: 0.00306
Exploits: 0, References: 4