13 matches found
CVE-2025-66510
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...
CVE-2025-66510 Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...
CVE-2025-66510 Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...
CVE-2025-66510 Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...
Nextcloud Server 安全漏洞
Nextcloud Server is a Nextcloud server program open-sourced by Nextcloud. A security vulnerability exists in Nextcloud Server that stems from improper access control of the contact search feature, which could lead to information disclosure...
PT-2025-49265
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...
Mars: Reflected HTML Injection via contact (faq) search parameter on ██████████
The report describes a reflected HTML injection vulnerability in the contact faq search parameter on the ██████████. A specific HTML payload entered into this parameter was reflected back in the response without proper sanitization, allowing for the execution of arbitrary HTML and potentially...
Malicious Package
Overview @commercialsalesandmarketing/contact-search is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only...
Malicious code in @commercialsalesandmarketing/contact-search (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1e61eaf68c0708ce952ccab5bf707f36175c24e35f12127a74b04dbbf0cfd45 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2006-1048
Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the 1 Weblink, 2 Polls, 3 Newsfeeds, 4 Weblinks, 5 Content, 6 Content Section, 7 Content Category, 8 Contact items, or 9 Contact Search, 10 Content...
CVE-2006-0509
Multiple cross-site scripting XSS vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via 1 the contactsearch parameter and 2 unspecified url fields...
CVE-2006-0509
Multiple cross-site scripting XSS vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via 1 the contactsearch parameter and 2 unspecified url fields...
Security update 1970-01-01
...