Lucene search
K

364 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-48948

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

8.8CVSS0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 6 days ago7 views

CVE-2026-48948 Joomla! Core - [20260702] - Incorrect Access Control in com_contact vcf download

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

6.4CVSS6AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42061

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

6.4CVSS6AI score0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-48948

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

6.4CVSS6AI score0.0024EPSS
Exploits0References2Affected Software1
CVE
CVE
added 6 days ago11 views

CVE-2026-48948

CVE-2026-48948: Joomla! Core vulnerability in the com_contact vCard download suffered from an improper access check, enabling a user to download vCard exports for contacts that should be inaccessible. The issue is in Joomla core functionality (com_contact) and is described across multiple feeds (...

8.8CVSS6AI score0.0024EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56221

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check in the com contact component allows a user to download vCard exports of contacts that should be inaccessible. Recommendations At the moment, there is no...

8.8CVSS6.1AI score0.0024EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/06/11 5:46 p.m.20 views

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and...

5.7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/07 12:0 a.m.5 views

[20260702] - Core - Incorrect Access Control in com_contact vcf download

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

8.8CVSS6AI score0.0024EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/25 12:17 a.m.8 views

OSV-2026-621 Use-of-uninitialized-value in vcardtime_from_string

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=505903588 Crash type: Use-of-uninitialized-value Crash state: vcardtimefromstring vcardvaluenewfromstring parsevcard...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/02/26 12:16 a.m.6 views

OSV-2026-311 UNKNOWN READ in strncasecmp

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=487216732 Crash type: UNKNOWN READ Crash state: strncasecmp vcardcomponentstringtokind parsevcard...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/02/25 12:19 a.m.6 views

OSV-2026-308 Heap-buffer-overflow in vcardstructured_new_from_string

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=486715154 Crash type: Heap-buffer-overflow WRITE 8 Crash state: vcardstructurednewfromstring vcardparametersetvaluefromstring parsevcard...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/02/21 12:20 a.m.5 views

OSV-2026-272 Heap-use-after-free in vcardproperty_get_value

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=485932113 Crash type: Heap-use-after-free READ 8 Crash state: vcardpropertygetvalue vcardpropertygetversion parsevcard...

5.4AI score
Exploits0References1
NVD
NVD
added 2026/02/03 10:16 p.m.6 views

CVE-2020-37071

CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download...

9.8CVSS0.00615EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/03 10:1 p.m.31 views

CVE-2020-37071 CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution

CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download...

9.8CVSS0.00615EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/03 10:1 p.m.4 views

CVE-2020-37071 CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution

CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download...

9.8CVSS6.8AI score0.00615EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:1 p.m.4 views

CVE-2020-37071

CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download...

9.8CVSS6.8AI score0.00615EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/02/03 10:1 p.m.14 views

CVE-2020-37071

Summary: CVE-2020-37071 affects CraftCMS 3 vCard Plugin 1.0.0 and is a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code via a crafted payload. The attack is triggered by exploiting the plugin’s vCard download functionality with a specially crafted ...

9.8CVSS6.8AI score0.00615EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-5822

CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download...

9.8CVSS6.9AI score0.00615EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

CraftCMS 3 vCard Plugin 代码问题漏洞

The CraftCMS 3 vCard Plugin is a vCard generator plugin developed by Nathaniel Hammond. Version 1.0.0 of the CraftCMS 3 vCard Plugin has code vulnerabilities; these vulnerabilities stem from deserialization vulnerabilities, which may allow for the execution of arbitrary PHP code...

9.8CVSS6.1AI score0.00615EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.7 views

CVE-2025-13717

The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wpgvccfcheckdownloadrequest' function in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to export sensitive...

5.3CVSS5.3AI score0.00321EPSS
Exploits0References1
Rows per page
Query Builder