59487 matches found
PT-2026-45585
In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-465133716
In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-13167
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...
CVE-2025-13167
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...
CVE-2025-13167
Technical details (affected versions, root cause, and fixes) are not publicly available in the provided documents. Monitor for updates from Synology advisory and CVE records.
EUVD-2025-209954
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...
CVE-2025-13167
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...
CVE-2025-13167
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...
PT-2026-43584
Name of the Vulnerable Software and Affected Versions Synology Contacts versions prior to 1.0.10-20659 Description Improper neutralization of input during web page generation leads to a Cross-site Scripting XSS issue in the contact functionality. This allows remote authenticated users to read or...
CVE-2026-44706
Chatwoot (versions 2.2.0–4.11.1) is affected by a SQL injection in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the is_greater_than or is_less_than operators, values are interpolated directly into the SQL query without parameterizatio...
CVE-2026-44706
Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...
CVE-2026-44706 Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values
Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...
CVE-2026-41961
Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability...
EUVD-2026-30524
Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2026-41961
Technical details about CVE-2026-41961 are not publicly available in the provided documents. Monitor for updates from Huawei and CVE/NVD sources for affected products, versions, root cause, and remediation.
CVE-2026-41961
Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2026-41961
Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2026-41961
Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability...
PT-2026-41282
Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability...
EUVD-2026-29244
A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts without user consent...