357 matches found
CVE-2025-8472
CVE-2025-8472 affects Alpine iLX-507 devices. The vulnerability is a stack-based buffer overflow in vCard data parsing, caused by insufficient validation of the length of user-supplied data before copying to a stack buffer. Exploitation can lead to remote code execution with root privileges and r...
CVE-2025-8472 Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the...
CVE-2025-8472 Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the...
(0Day) (Pwn2Own) Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the parsing of vCard data...
(0Day) (Pwn2Own) Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the parsi...
CVE-2024-45513
An issue was discovered in Zimbra Collaboration ZCS through 10.1. A stored Cross-Site Scripting XSS vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a...
CVE-2020-1410
A remote code execution vulnerability exists when Windows Address Book WAB improperly processes vcard files.To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book WAB, aka 'Windows Address Book Remote Code Execution Vulnerability'...
CVE-2019-14757
An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application assuming the victim chooses to import the file. At a...
CVE-2019-18641
Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller...
CVE-2025-39521
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Reflected XSS.This issue affects Contact Form vCard Generator: from n/a through = 2.4...
CVE-2025-39521
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Reflected XSS.This issue affects Contact Form vCard Generator: from n/a through = 2.4...
CVE-2025-39521
CVE-2025-39521 is a reflected XSS in the WordPress plugin Contact Form vCard Generator (versions n/a through 2.4). The vulnerability arises from improper neutralization of input during web page generation, enabling reflected cross-site scripting. Public sources (CVE entries and Patchstack) confir...
CVE-2025-39521 WordPress Contact Form vCard Generator plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Reflected XSS.This issue affects Contact Form vCard Generator: from n/a through = 2.4...
CVE-2025-39521 WordPress Contact Form vCard Generator plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Reflected XSS.This issue affects Contact Form vCard Generator: from n/a through = 2.4...
WordPress plugin Contact Form vCard Generator 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
PT-2025-17171 · Unknown · Ashish Ajani Contact Form Vcard Generator
Name of the Vulnerable Software and Affected Versions: Ashish Ajani Contact Form vCard Generator versions n/a through 2.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means th...
CVE-2025-31582
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Stored XSS.This issue affects Contact Form vCard Generator: from n/a through = 2.4...
CVE-2025-31582
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Stored XSS.This issue affects Contact Form vCard Generator: from n/a through = 2.4...
CVE-2025-31582 WordPress Contact Form vCard Generator plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator allows Stored XSS. This issue affects Contact Form vCard Generator: from n/a through 2.4...
CVE-2025-31582
CVE-2025-31582 affects Contact Form vCard Generator (WordPress plugin) with an Unauthenticated Stored XSS in the plugin’s input handling. Root cause: improper neutralization of input during web page generation. Impact per available data: stored cross-site scripting potentially enabling content in...