CVE-2026-41657
Admidio is an open-source user management solution. Prior to version 5.0.9, the contacts_data.php endpoint uses a weaker permission check (isAdministratorUsers, requiring only rol_edit_user=true) than the frontend UI contacts.php, which correctly requires the stronger isAdministrator check requiring...
EUVD-2026-28266
Admidio is an open-source user management solution. Prior to version 5.0.9, the contacts_data.php endpoint uses a weaker permission check (isAdministratorUsers, requiring only rol_edit_user=true) than the frontend UI contacts.php, which correctly requires the stronger isAdministrator check requiring...
CVE-2026-41657 Admidio: Cross-Organization Member Data Exposure via Permission Check Mismatch in contacts_data.php
Admidio is an open-source user management solution. Prior to version 5.0.9, the contacts_data.php endpoint uses a weaker permission check (isAdministratorUsers, requiring only rol_edit_user=true) than the frontend UI contacts.php, which correctly requires the stronger isAdministrator check requiring...
Admidio security vulnerability
Admidio is an open-source member management system developed by the Admidio team. It supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio prior to 5.0.9 contain security vulnerabilities. These vulnerabilities...
GHSA-G8P8-94F2-28GR Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php
Summary: The contacts_data.php endpoint uses a weaker permission check (isAdministratorUsers, requiring only rol_edit_user=true) than the frontend UI contacts.php, which correctly requires the stronger isAdministrator check (requiring rol_administrator=true) together with the contacts_show_all system setting. A user manager...
PT-2026-37141
Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 5.0.9. Description: An authorization mismatch exists between the frontend UI and the backend data endpoint. While the frontend correctly restricts the "show all organizations" filter to full administrators, the 'contact...
CVE-2026-1857
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the endpoint parameter in the getitems function of the GetResponse REST API handler. The endpoint's...
About the security content of macOS Tahoe 26.3
This document describes the security content of macOS Tahoe 26.3. About Apple security updates: for our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
CVE-2026-1431
The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbcajaxWPBCFLEXTIMELINENAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...
CVE-2022-39896
Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allow access to sensitive information via an implicit intent...
PT-2024-19786 · Apple · macOS Sonoma +3
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.4; iOS versions prior to 17.4; iPadOS versions prior to 17.4. Description: The issue allows an app to access information about a user's contacts due to inadequate data protection. This has been addressed with...
CVE-2023-24605
OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens...
CVE-2022-30736
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to obtain contact and gallery data without permission...
CVE-2022-30743
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to obtain contact and gallery data without permission...
Samsung Account security vulnerability
Samsung Account is a mobile account service from Samsung (South Korea). Versions of Samsung Account prior to 13.2.00.6 contain an improper privilege management vulnerability that attackers could exploit to gain unauthorized access to contact and gallery data...
Apple macOS Monterey permission and access control vulnerability
Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. Apple macOS Monterey versions 12.0 (21A344) through 12.3.1 (21E258) have a permission and access control vulnerability in which a plug-in may be able to inherit an...
CVE-2020-0486
In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for...