Lucene search
K

13 matches found

NVD
NVD
added 2025/12/05 5:16 p.m.10 views

CVE-2025-66510

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...

4.9CVSS0.00302EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/05 4:18 p.m.2 views

CVE-2025-66510 Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...

4.5CVSS6AI score0.00302EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/05 4:18 p.m.24 views

CVE-2025-66510 Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...

4.5CVSS0.00302EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 4:18 p.m.6 views

CVE-2025-66510 Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...

4.5CVSS6.3AI score0.00302EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.4 views

Nextcloud Server 安全漏洞

Nextcloud Server is a Nextcloud server program open-sourced by Nextcloud. A security vulnerability exists in Nextcloud Server that stems from improper access control of the contact search feature, which could lead to information disclosure...

4.9CVSS6.2AI score0.00302EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.4 views

PT-2025-49265

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...

4.5CVSS6.4AI score0.00302EPSS
Exploits0References4
Hacker One
Hacker One
added 2024/07/05 10:42 a.m.4 views

Mars: Reflected HTML Injection via contact (faq) search parameter on ██████████

The report describes a reflected HTML injection vulnerability in the contact faq search parameter on the ██████████. A specific HTML payload entered into this parameter was reflected back in the response without proper sanitization, allowing for the execution of arbitrary HTML and potentially...

7.5AI score
Exploits0
Snyk
Snyk
added 2022/06/23 9:24 a.m.1 views

Malicious Package

Overview @commercialsalesandmarketing/contact-search is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only...

9.8CVSS7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/05/18 6:18 a.m.2 views

Malicious code in @commercialsalesandmarketing/contact-search (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1e61eaf68c0708ce952ccab5bf707f36175c24e35f12127a74b04dbbf0cfd45 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Cvelist
Cvelist
added 2006/03/07 11:0 a.m.26 views

CVE-2006-1048

Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the 1 Weblink, 2 Polls, 3 Newsfeeds, 4 Weblinks, 5 Content, 6 Content Section, 7 Content Category, 8 Contact items, or 9 Contact Search, 10 Content...

6.7AI score0.01215EPSS
Exploits0References5
NVD
NVD
added 2006/02/01 11:2 p.m.18 views

CVE-2006-0509

Multiple cross-site scripting XSS vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via 1 the contactsearch parameter and 2 unspecified url fields...

4.3CVSS6AI score0.01919EPSS
Exploits1References7
Cvelist
Cvelist
added 2006/02/01 11:0 p.m.22 views

CVE-2006-0509

Multiple cross-site scripting XSS vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via 1 the contactsearch parameter and 2 unspecified url fields...

6AI score0.01919EPSS
Exploits1References7
Microsoft KB
Microsoft KB
added 1970/01/01 12:0 a.m.8 views

Security update 1970-01-01

...

5.3AI score
Exploits0
Rows per page
Query Builder