364 matches found
CVE-2026-48948
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
CVE-2026-48948 Joomla! Core - [20260702] - Incorrect Access Control in com_contact vcf download
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
EUVD-2026-42061
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
CVE-2026-48948
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
CVE-2026-48948
CVE-2026-48948: Joomla! Core vulnerability in the com_contact vCard download suffered from an improper access check, enabling a user to download vCard exports for contacts that should be inaccessible. The issue is in Joomla core functionality (com_contact) and is described across multiple feeds (...
PT-2026-56221
Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check in the com contact component allows a user to download vCard exports of contacts that should be inaccessible. Recommendations At the moment, there is no...
New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets
Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and...
[20260702] - Core - Incorrect Access Control in com_contact vcf download
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
OSV-2026-621 Use-of-uninitialized-value in vcardtime_from_string
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=505903588 Crash type: Use-of-uninitialized-value Crash state: vcardtimefromstring vcardvaluenewfromstring parsevcard...
OSV-2026-311 UNKNOWN READ in strncasecmp
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=487216732 Crash type: UNKNOWN READ Crash state: strncasecmp vcardcomponentstringtokind parsevcard...
OSV-2026-308 Heap-buffer-overflow in vcardstructured_new_from_string
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=486715154 Crash type: Heap-buffer-overflow WRITE 8 Crash state: vcardstructurednewfromstring vcardparametersetvaluefromstring parsevcard...
OSV-2026-272 Heap-use-after-free in vcardproperty_get_value
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=485932113 Crash type: Heap-use-after-free READ 8 Crash state: vcardpropertygetvalue vcardpropertygetversion parsevcard...
CVE-2020-37071
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download...
CVE-2020-37071 CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download...
CVE-2020-37071 CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download...
CVE-2020-37071
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download...
CVE-2020-37071
Summary: CVE-2020-37071 affects CraftCMS 3 vCard Plugin 1.0.0 and is a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code via a crafted payload. The attack is triggered by exploiting the plugin’s vCard download functionality with a specially crafted ...
PT-2026-5822
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download...
CraftCMS 3 vCard Plugin 代码问题漏洞
The CraftCMS 3 vCard Plugin is a vCard generator plugin developed by Nathaniel Hammond. Version 1.0.0 of the CraftCMS 3 vCard Plugin has code vulnerabilities; these vulnerabilities stem from deserialization vulnerabilities, which may allow for the execution of arbitrary PHP code...
CVE-2025-13717
The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wpgvccfcheckdownloadrequest' function in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to export sensitive...