
21 matches found

RedhatCVE
added 2026/06/05 7:44 p.m. | 9 views

CVE-2026-0085

In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 | AI score 5.6 | EPSS 0.00071
Exploits: 0 | References: 1

NVD
added 2026/06/01 10:16 p.m. | 13 views

CVE-2026-0085

In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 | EPSS 0.00071
Exploits: 0 | References: 1

Cvelist
added 2026/06/01 9:14 p.m. | 30 views

CVE-2026-0085

In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

EPSS 0.00071
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/01 12:00 a.m. | 21 views

PT-2026-45591

In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 5.9 | EPSS 0.00071
Exploits: 0 | References: 2

CVE
added 2026/03/02 6:42 p.m. | 37 views

CVE-2026-0012

CVE-2026-0012 affects Android’s ExpandableNotificationRow.java (setHideSensitive) with a logic error causing a local information disclosure of contact names. Exploitation requires no user interaction and grants no privileges beyond local access; the issue is classified as information disclosure (...

CVSS 6.2 | AI score 6.1 | EPSS 0.001
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/03/01 12:00 a.m. | 5 views

ASB-A-392614656

In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.2 | AI score 6.1 | EPSS 0.001
Exploits: 0 | References: 2

EUVD
added 2025/11/20 9:30 p.m. | 5 views

EUVD-2025-198350

Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on the system...

CVSS 4.3 | AI score 4.7 | EPSS 0.00252
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2016-7728

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00713
Exploits: 0 | References: 3

OSV
added 2025/09/19 9:31 p.m. | 6 views

GHSA-8C8V-R5JJ-4425 Liferay Contacts Center widget has insecure direct object reference

Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...

CVSS 6.9 | AI score 7 | EPSS 0.00257
Exploits: 0 | References: 3

NVD
added 2025/09/19 7:15 p.m. | 10 views

CVE-2025-43803

Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...

CVSS 6.9 | EPSS 0.00257
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/19 12:00 a.m. | 7 views

PT-2025-38612

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.119; Liferay DXP versions 2023.Q3.1 through 2023.Q3.10; Liferay DXP versions 2023.Q4.0 through 2023.Q4.6; Liferay Portal versions 7.4 GA through update 92. Description: An insecure direct object reference...

CVSS 6.9 | AI score 6.7 | EPSS 0.00257
Exploits: 0 | References: 7

OSV
added 2019/03/21 4:00 p.m. | 2 views

CVE-2018-17502

The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails...

CVSS 3.3 | AI score 5.8 | EPSS 0.0034
Exploits: 0 | References: 1

Prion
added 2019/03/21 4:00 p.m. | 7 views

Design/Logic Flaw

The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails...

CVSS 2.1 | AI score 3.9 | EPSS 0.0034
Exploits: 0 | References: 1 | Affected Software: 1

Hacker One
added 2017/06/01 8:32 a.m. | 33 views

Mixmax: [compose.mixmax.com] Stored XSS on compose.mixmax.com in contact names.

Thanks @sh3r1 !...

AI score 1.7
Exploits: 0

CNVD
added 2017/04/18 12:00 a.m. | 4 views

Huawei P7-L10 MeWidget Information Disclosure Vulnerability

The P7-L10 is a smartphone from the Chinese company Huawei. MeWidget is one of the desktop customization tools. An information disclosure vulnerability exists in the MeWidget plugin in Huawei P7-L10 V100R001C00B136 and earlier versions. The vulnerability can be exploited by an attacker with the he...

CVSS 4.3 | AI score 6.1 | EPSS 0.00458
Exploits: 0 | References: 1

NVD
added 2016/12/15 6:59 a.m. | 19 views

CVE-2016-6843

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a...

CVSS 6.1 | AI score 6.3 | EPSS 0.00713
Exploits: 0 | References: 2

OSV
added 2016/12/15 6:59 a.m. | 3 views

CVE-2016-6843

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a...

CVSS 6.1 | AI score 5.8 | EPSS 0.00713
Exploits: 0 | References: 2

Prion
added 2016/12/15 6:59 a.m. | 20 views

Open redirect

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a...

CVSS 4.3 | AI score 7.1 | EPSS 0.00713
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2013/03/05 12:00 a.m. | 26 views

Scientific Linux Security Update : evolution on SL6.x i386/x86_64 (20130221)

The way Evolution handled mailto URLs allowed any file to be attached to the new message. This could lead to information disclosure if the user did not notice the attached file before sending the message. With this update, mailto URLs cannot be used to attach certain files, such as hidden files o...

CVSS 4.3 | AI score 7 | EPSS 0.02673
Exploits: 0 | References: 2

CVE
added 2011/03/16 10:00 p.m. | 43 views

CVE-2011-0745

SugarCRM prior to 6.1.3 is affected by CVE-2011-0745. The issue arises when reloading or directly requesting a warning page produced by a duplicate-check, allowing remote authenticated users to see names they normally should not access: (1) customer names via ShowDuplicates in the Accounts module...

CVSS 4 | AI score 6.4 | EPSS 0.06264
Exploits: 2 | References: 7 | Affected Software: 1