Lucene search
K

357 matches found

CVE
CVE
added 2025/08/01 5:38 p.m.24 views

CVE-2025-8472

CVE-2025-8472 affects Alpine iLX-507 devices. The vulnerability is a stack-based buffer overflow in vCard data parsing, caused by insufficient validation of the length of user-supplied data before copying to a stack buffer. Exploitation can lead to remote code execution with root privileges and r...

7.4CVSS7.8AI score0.00272EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/01 5:38 p.m.5 views

CVE-2025-8472 Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the...

7.4CVSS7.8AI score0.00272EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/01 5:38 p.m.9 views

CVE-2025-8472 Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the...

7.4CVSS0.00272EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/08/01 12:0 a.m.9 views

(0Day) (Pwn2Own) Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the parsing of vCard data...

7.4CVSS7.5AI score0.00266EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2025/08/01 12:0 a.m.8 views

(0Day) (Pwn2Own) Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the parsi...

7.4CVSS7.5AI score0.00272EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:40 a.m.7 views

CVE-2024-45513

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A stored Cross-Site Scripting XSS vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a...

4.8CVSS4.8AI score0.00392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:40 p.m.8 views

CVE-2020-1410

A remote code execution vulnerability exists when Windows Address Book WAB improperly processes vcard files.To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book WAB, aka 'Windows Address Book Remote Code Execution Vulnerability'...

9.3CVSS8.1AI score0.11536EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:31 a.m.11 views

CVE-2019-14757

An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application assuming the victim chooses to import the file. At a...

6.1CVSS7AI score0.00835EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:21 a.m.8 views

CVE-2019-18641

Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller...

9.8CVSS6.9AI score0.03348EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/25 3:57 p.m.6 views

CVE-2025-39521

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Reflected XSS.This issue affects Contact Form vCard Generator: from n/a through = 2.4...

7.1CVSS7.2AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2025/04/17 4:15 p.m.7 views

CVE-2025-39521

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Reflected XSS.This issue affects Contact Form vCard Generator: from n/a through = 2.4...

7.1CVSS0.00235EPSS
Exploits0References1
CVE
CVE
added 2025/04/17 3:46 p.m.53 views

CVE-2025-39521

CVE-2025-39521 is a reflected XSS in the WordPress plugin Contact Form vCard Generator (versions n/a through 2.4). The vulnerability arises from improper neutralization of input during web page generation, enabling reflected cross-site scripting. Public sources (CVE entries and Patchstack) confir...

7.1CVSS7.2AI score0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/17 3:46 p.m.15 views

CVE-2025-39521 WordPress Contact Form vCard Generator plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Reflected XSS.This issue affects Contact Form vCard Generator: from n/a through = 2.4...

7.1CVSS0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/17 3:46 p.m.7 views

CVE-2025-39521 WordPress Contact Form vCard Generator plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Reflected XSS.This issue affects Contact Form vCard Generator: from n/a through = 2.4...

7.1CVSS8.6AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/17 12:0 a.m.3 views

WordPress plugin Contact Form vCard Generator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

7.1CVSS6.9AI score0.00235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.7 views

PT-2025-17171 · Unknown · Ashish Ajani Contact Form Vcard Generator

Name of the Vulnerable Software and Affected Versions: Ashish Ajani Contact Form vCard Generator versions n/a through 2.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means th...

7.1CVSS7.2AI score0.00235EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/04/05 2:22 p.m.9 views

CVE-2025-31582

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Stored XSS.This issue affects Contact Form vCard Generator: from n/a through = 2.4...

7.1CVSS7.2AI score0.00276EPSS
Exploits0References1
NVD
NVD
added 2025/04/03 2:15 p.m.5 views

CVE-2025-31582

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Stored XSS.This issue affects Contact Form vCard Generator: from n/a through = 2.4...

7.1CVSS0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/03 1:27 p.m.5 views

CVE-2025-31582 WordPress Contact Form vCard Generator plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator allows Stored XSS. This issue affects Contact Form vCard Generator: from n/a through 2.4...

7.1CVSS6.9AI score0.00276EPSS
Exploits0References1
CVE
CVE
added 2025/04/03 1:27 p.m.43 views

CVE-2025-31582

CVE-2025-31582 affects Contact Form vCard Generator (WordPress plugin) with an Unauthenticated Stored XSS in the plugin’s input handling. Root cause: improper neutralization of input during web page generation. Impact per available data: stored cross-site scripting potentially enabling content in...

7.1CVSS7.2AI score0.00276EPSS
Exploits0References1
Rows per page
Query Builder